Home
News
Details

Based Apparel Website Allegedly Distributed Crypto-Stealing Malware Targeting macOS Users

icon币界网
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
A clothing website linked to former FBI official Kash Patel, Based Apparel, is accused of distributing the 'ClickFix' malware targeting macOS users. The site, flagged by MetaMask as deceptive, reportedly stole browser data and wallet information after users executed terminal commands. During verification, the site was offline and receives approximately 33,600 monthly visits. Crypto news outlets are closely monitoring the incident amid ongoing concerns about inflation data and digital asset security.
CoinDesk reports:

A clothing website linked to FBI Director Kash Patel was inaccessible on Friday after it was targeted with malware designed to steal crypto assets. The incident drew attention because the attack method tricked users into manually executing commands, thereby exposing browser data, session tokens, and wallet information.

MetaMask issued a risk warning.

According to reports, the involved website is Based Apparel. When users visit, the page tricks macOS users into copying and pasting a terminal command to install a malicious program called "ClickFix." MetaMask has since flagged the website as "potentially deceptive," warning visitors of the risk of malicious transactions and asset theft.

The report mentioned that PCMag had previously reproduced the attack. Decrypt stated that when attempting to verify, the website page had been changed to a message saying "The store will be back online soon," preventing them from reproducing the behavior again.

The attack targets macOS users

The information-stealing malware involved in this incident is of the infostealer type, characterized by silently extracting sensitive data from devices. According to reports, the compromised data may include session tokens from browsers, local browsing data, and information related to cryptocurrency wallets.

If users follow the prompted terminal commands, attackers may gain access to their account login status and wallet permissions, potentially leading to asset loss.

The website is linked to Patel; the extent of the losses is unclear.

Public information shows that Based Apparel is jointly owned by Patel and Andrew Ollis, who also serves as CEO and board member of the Kash Foundation. Reports also note that, according to the Kash Foundation’s website, Patel is no longer affiliated with the nonprofit organization, which is not affiliated with any government agency, including the FBI.

It is currently unclear whether the suspected website breach has resulted in significant losses. According to Ahrefs data, the website is estimated to receive approximately 33,600 visits per month.

Additional information: Information-stealing malware is not a new type of attack. Two months ago, the U.S. Federal Bureau of Investigation stated that it was investigating multiple PC games on the Steam platform that installed such malware.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.