An apparel store linked to FBI Director Kash Patel appeared to go offline on Friday after onlookers warned that Based Apparel’s website pushed wallet-draining malware.
Until the website apparently went dark, macOS visitors were being prompted to install “ClickFix” malware by copying and pasting a command into their system’s terminal—which put session tokens, browser data, and crypto wallets at risk via an infostealer—a user said on X.
The website was flagged as “potentially deceptive” for MetaMask users, who, when trying to visit the website, received a warning pop-up from the self-custodial wallet that identified “malicious transactions resulting in stolen assets” as among the potential risks.
The attack was reproduced by PCMag; Decrypt, however, was unable to do so because Based Apparel’s website now says that “the store will be back online shortly—bolder than ever.”
Infostealer malware is designed to silently extract sensitive data from users’ devices, with precursors dating back to as early as 2006. Two months ago, the FBI said it was investigating several PC games on the Steam platform that installed the malicious software.
It’s unclear whether Based Apparel’s apparent compromise sparked significant losses. The website typically receives an estimated 33,600 visits monthly, according to ahrefs. One of its top pages showcases a camouflage hoodie.
The venture is owned by Patel and Andrew Ollis, who serves on the board of the Kash Foundation as CEO, per The Guardian. Kash Foundation visitors, through one of the nonprofit's primary menus, are directed to Based Apparel.
Although the nonprofit was founded by Patel, he is no longer affiliated in any capacity, according to the organization’s website. A disclosure also makes clear that the Kash Foundation isn’t associated with government agencies, including the FBI.
The FBI director, who has highlighted the bureau’s growing use of artificial intelligence to thwart bad actors, has been the subject of crypto shenanigans before. After Iranian hackers leaked his personal email and burner username, a bevy of Patel-themed meme coins followed.