- A ClickFix attack was found on FBI Director Kash Patel’s BasedApparel.com, targeting macOS users with fake Cloudflare verification.
- The ClickFix attack tricks users into pasting a hidden malicious command into Terminal, stealing browser credentials and crypto wallet data.
- 27 antivirus engines on VirusTotal flagged the payload as malicious, classifying it as a Trojan infostealer written in AppleScript.
- Apple is adding a Terminal paste-protection safeguard in macOS Tahoe 26.4 that would stop exactly this type of attack.
The FBI Director’s Merch Site Has a Malware Problem
There’s an uncomfortable irony in finding a ClickFix attack on a website co-owned by the director of the FBI. BasedApparel.com — a merchandise brand created by Kash Patel and his co-founder Andrew Ollis before Patel took the top job at the bureau under the Trump administration — was caught last week hosting a sophisticated social engineering scheme designed to steal credentials from macOS users. It’s the kind of thing Patel’s own agency investigates.
The attack was first spotted on Thursday by a user based in Portugal, who goes by the handle
