FBI Director Kash Patel's merchandise website, BasedApparel.com, was found hosting a "ClickFix" malware attack that tricks macOS users into running a malicious command by disguising it as a Cloudflare human-verification process. Victims are prompted to copy what appears to be a simple verification code, but the clipboard actually receives a hidden obfuscated command that, when run in Terminal, executes a script designed to steal browser credentials and cryptocurrency wallet data. The attack likely resulted from hackers compromising the site, and the malicious payload was flagged by 27 antivirus engines as a Trojan/infostealer.
