Brief
- Based Apparel, linked to FBI Director Kash Patel, has gone dark after being reported for pushing wallet-draining “ClickFix” malware.
- The infostealer targeted macOS users, tricking them into executing terminal commands to steal session tokens and cryptocurrencies.
- The incident marks the second time Patel has faced crypto-related shenanigans, following a previous data breach.
A clothing store linked to FBI Director Kash Patel appeared to be shut down Friday after onlookers warned that Based Apparel’s website was spreading wallet-draining malware.
Until the website apparently went dark, macOS visitors were asked to install the “ClickFix” malware by copying and pasting a command into their system’s terminal, putting session tokens, browser data, and crypto wallets at risk via an information thief: a user. said onX.
The website was flagged as “potentially misleading” to MetaMask users, who, when attempting to visit the website, received a warning pop-up from the self-custodial wallet identifying “malicious transactions leading to asset theft” among the potential risks.
The attack was reproduced by PCMag; However, Decrypt couldn’t do it because Based Apparel now clearly says that “the store will be back online shortly, bolder than ever.”
Infostealer malware is designed to silently and covertly extract sensitive data from users’ devices, with precursors dating back to 2006. Two months ago, the FBI said He was investigating several PC games on the Steam platform that installed the malware.
It is clear that Based Apparel’s apparent compromise has caused significant losses. The website typically receives around 33,600 visits per month, according to ahrefs. One of its first pages features a camouflage hoodie.
The company is owned by Patel and Andrew Ollis, who serves on the Kash Foundation board as CEO, according to The guardian. Visitors to the Kash Foundation, through one of the nonprofit’s main menus, are directed to Based Apparel.
Although the nonprofit was founded by Patel, he is no longer affiliated with it in any capacity, according to the organization’s website. A disclosure also makes clear that the Kash Foundation is not associated with government agencies, including the FBI.
The FBI director, who has highlighted the bureau’s growing use of artificial intelligence to thwart bad actors, has been the subject of crypto shenanigans before. After Iranian hackers leaked his personal email address and Burner username, a slew of Patel-themed coins follow up.