FBI director Kash Patel’s brand website taken offline after malware reports

The merchandise site for a public figure was compromised and used in a widespread campaign that employed a fake Cloudflare CAPTCHA and a ClickFix social-engineering prompt to get macOS users to paste and run a malicious terminal command; the site hosted a malicious WordPress plugin that stole payment data and delivered a script-based macOS stealer which collects browser data, passwords and cryptocurrency wallet information before exfiltration.