Summary

  • Based Apparel, associated with FBI Director Kash Patel, has ceased operations after being reported for distributing "ClickFix" malware that drains crypto wallets.
  • This malware specifically targeted macOS users by deceiving them into executing terminal commands to steal session tokens and cryptocurrency.
  • This is the second time Patel has been caught up in crypto-related issues, following a prior data breach.

A clothing store associated with FBI Director Kash Patel went offline on Friday after reports indicated that Based Apparel's website was distributing wallet-draining malware.

Before the site went dark, visitors using macOS were prompted to install “ClickFix” malware by copying a command into their terminal, which endangered session tokens, browser information, and cryptocurrency wallets, as noted by a user on X.

The website was flagged as “potentially deceptive” for users of MetaMask, who encountered a warning pop-up while trying to access it, indicating risks of “malicious transactions resulting in stolen assets.”

PCMag was able to replicate the attack, but Decrypt could not. Based Apparel now claims that “the store will be back online shortly—bolder than ever.”

Infostealer malware is designed to covertly extract sensitive information from users’ devices, with its origins traceable to as early as 2006. Two months prior, the FBI reported investigating several PC games on the Steam platform that had installed this harmful software.

It remains uncertain whether the apparent breach of Based Apparel led to any substantial losses. The site generally attracts about 33,600 visits each month, according to Ahrefs. One of its popular items is a camouflage hoodie.

The business is co-owned by Patel and Andrew Ollis, who is the CEO and serves on the board of the Kash Foundation, as reported by The Guardian. Visitors to the Kash Foundation are directed to Based Apparel through one of the nonprofit's main menus.

While Patel founded the nonprofit, he no longer has any involvement, according to the organization’s official website. It is also clearly stated that the Kash Foundation is not affiliated with any government entities, including the FBI.

The FBI director, who has emphasized the bureau’s increasing use of artificial intelligence to combat criminal activities, has previously faced crypto-related issues. Following a data leak by Iranian hackers that exposed his personal email and burner username, a wave of Patel-themed meme coins emerged.
