FBI director Kash Patel’s merchandise website taken offline after malware attack

The merchandise website tied to FBI Director Kash Patel was taken offline Friday after hackers allegedly compromised the platform and used it to distribute malware targeting visitors, including macOS users.

The site, Based Apparel, became inaccessible after cybersecurity researchers and users identified malicious activity linked to the online store. Reports surfaced Thursday when an X user operating under the name “debbie” flagged what appeared to be malware embedded on the site. Security researchers later examined the attack and identified it as part of a broader malware campaign affecting multiple websites.

Visitors to the site were reportedly shown a fake Cloudflare verification page instructing them to copy and paste code into their computer terminals. The tactic, known as a ClickFix attack, relies on social engineering to convince users to execute malicious commands themselves.

The malicious code targeted Mac computers and downloaded a script-based information stealer designed to harvest browser data, saved passwords, login credentials, and cryptocurrency wallet information. Researchers found that the malware also collected data from multiple browsers and wallet applications, compressed the stolen information, transmitted it to a remote server, and then deleted itself to avoid detection.

Cybersecurity researcher WifiRumHam analyzed the compromised website and found the store was operating on WordPress using the WooCommerce e-commerce platform. The attack involved a malicious plugin capable of both stealing payment information and deploying the fake CAPTCHA prompt used in the ClickFix scheme.

The malware reportedly bypassed several conventional macOS security protections. Researchers indicated the campaign appeared widespread, with similar infections identified on other websites using related infrastructure or plugins.

Based Apparel did not respond to requests for comment. An email sent to a Gmail address previously associated with Patel also received no response.

The incident marked the second high-profile cybersecurity issue involving businesses linked to prominent MAGA political figures this week.

Trump Mobile, the wireless carrier and smartphone brand associated with President Donald Trump, confirmed Friday that customer information had been exposed online. The exposed data included names, email addresses, mailing addresses, phone numbers, and order identifiers. The exposure came to light after a researcher alerted two YouTubers who had purchased Trump Mobile devices that their personal information was publicly accessible online.