FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack

An online clothing store (BasedApparel.com) was compromised to deliver a ClickFix-style infostealer to macOS visitors by showing a fake Cloudflare CAPTCHA page that instructed users to copy and paste obfuscated shell commands into Terminal; executing the commands connected to an attacker C2 and stole browser session data and cryptocurrency. Researchers reproduced the attack, a user first reported it, and the site was later taken offline pending remediation.