Based Apparel, an apparel store linked to FBI Director Kash Patel, went offline on Friday after the website was flagged for distributing ClickFix wallet-draining malware. The malware targeted macOS users by prompting them to copy and paste a terminal command that, through an infostealer, stole session tokens, browser data, and cryptocurrency wallets. MetaMask flagged the site as "potentially deceptive," warning users of possible "malicious transactions resulting in stolen assets."
Technical Details of the Attack
The ClickFix malware operated by deceiving macOS visitors into executing terminal commands that compromised sensitive user data. PCMag successfully reproduced the attack; however, Decrypt was unable to replicate it as the Based Apparel website had already gone offline. The infostealer malware is designed to silently extract sensitive data from users' devices.
Current Status and Response
The Based Apparel website now displays a message stating "the store will be back online shortly—bolder than ever." According to ahrefs, the website typically receives approximately 33,600 visits monthly. It remains unclear whether the apparent compromise resulted in significant user losses.
Ownership and Affiliation
Based Apparel is owned by Kash Patel and Andrew Ollis, who serves as CEO on the board of the Kash Foundation. The Kash Foundation's website previously directed visitors to Based Apparel through one of its primary menus. Although Patel founded the nonprofit, he is no longer affiliated with it in any capacity, according to the organization's website. The Kash Foundation also clarified that it is not associated with government agencies, including the FBI.
Previous Crypto-Related Incidents
This incident marks the second time Patel has faced crypto-related issues. Iranian hackers previously leaked his personal email and burner username, which subsequently led to the creation of multiple Patel-themed meme coins.