Particle.news

Kash Patel‑Linked Apparel Site Taken Offline After Serving macOS Crypto‑Theft Malware

Researchers say the site prompted Mac users to paste and run a terminal command that could expose browser session tokens and self‑custody crypto wallets.

Overview

  • Security researchers and an X user first flagged the compromise, and PCMag reproduced a fake Cloudflare page that asked macOS visitors to copy a hidden command into Terminal that fetched an infostealer called “ClickFix.”
  • MetaMask displayed warnings that labeled the site potentially deceptive and warned of malicious transactions and stolen assets when users tried to visit the store.
  • TechCrunch and Decrypt report the Based Apparel storefront went offline on Friday after the alerts and that site owners have not provided substantive public comment.
  • The malicious command decoded and ran a shell script that researchers say can collect Chromium browser data, session tokens, and crypto wallet files and then send them to a hacker‑controlled server, but investigators have not confirmed the scale of any losses.
  • The store is owned by Kash Patel and Andrew Ollis and is linked on the Kash Foundation site. The incident highlights the broader risks of copy‑paste Terminal scams and shows how infostealer campaigns can target both crypto users and legitimate sites.