An online apparel store tied to FBI Director Kash Patel briefly went offline Friday after security researchers warned the site was distributing wallet‑draining malware.
Visitors to Based Apparel’s website who used macOS were reportedly prompted to paste a command into their Terminal to install a utility called “ClickFix.” According to witnesses on X and a PCMag reproduction of the incident, that command installed an infostealer capable of harvesting browser session tokens, cookies and other data that can give attackers access to self‑custodial crypto wallets. MetaMask also flagged the site as “potentially deceptive,” displaying a warning that visiting the page could lead to “malicious transactions resulting in stolen assets.”
Decrypt was unable to reproduce the attack; the store’s homepage now displays a message saying “the store will be back online shortly—bolder than ever.” It appears the storefront went dark shortly after the warnings circulated.
What’s an infostealer?
Infostealer malware silently extracts sensitive data from a compromised machine—credentials, session tokens, browser histories and wallet keys are common targets. Variants have existed since the mid‑2000s, and the FBI recently warned about similar infections tied to malicious PC games on Steam.
Scope and ownership
It’s not yet clear whether the compromise resulted in significant losses. Based Apparel’s site draws an estimated 33,600 visits per month, according to ahrefs, and one of the store’s most popular items is a camouflage hoodie.
Public reporting links the venture to Kash Patel and Andrew Ollis; Ollis serves as CEO of the Kash Foundation and is listed on the foundation’s board, according to The Guardian. The Kash Foundation’s site also includes a menu link to Based Apparel. Although the nonprofit was founded by Patel, the foundation’s website states Patel is “no longer affiliated in any capacity” and discloses that it is not associated with government agencies, including the FBI.
Context
Patel, who has publicly emphasized the FBI’s growing use of AI to combat cybercrime, has previously been the subject of crypto‑related activity: after Iranian hackers leaked a personal email and burner username, several Patel‑themed meme coins appeared.
Takeaways for crypto users
- Treat browser popups and instructions to paste terminal commands with extreme suspicion.
- Heed wallet warnings (like MetaMask’s) and avoid connecting wallets to unfamiliar sites.
- Consider hardware wallets and keep browser extensions and OS software up to date to reduce risk.
This incident highlights the ongoing risk that malicious sites and malware pose to self‑custodial crypto users and the importance of cautious web behavior.
Read more AI-generated news on: undefined/news
