When you buy through our links, you’re supporting our mission.

Subscribe
old windows folder icon

Kash Patel’s Apparel Site Tricked Mac Users Into Installing Malware

Trump merchandise site compromised to deliver Mac malware through fake Cloudflare verification pages

Nikshep Myle Avatar
Nikshep Myle
Nikshep Myle Avatar
Nikshep Myle
Nikshep Myle has been a dedicated writer for Gadget Review for over 2 years and has contributed his writing to other publications as well, including TechRadar, Tom’s Guide and Android Police. Outside the digital world, Nikshep is a strong believer in optimizing health, well-being, and curiosity. He finds joy in gaming, exploring new music, and embarking on travel adventures. In Nikshep’s world, technology seamlessly intertwines with personal well-being and a vibrant array of interests.
All Articles by Nikshep Myle

Nikshep Myle Avatar

By

Nikshep Myle
Nikshep Myle Avatar
Nikshep Myle
Nikshep Myle has been a dedicated writer for Gadget Review for over 2 years and has contributed his writing to other publications as well, including TechRadar, Tom’s Guide and Android Police. Outside the digital world, Nikshep is a strong believer in optimizing health, well-being, and curiosity. He finds joy in gaming, exploring new music, and embarking on travel adventures. In Nikshep’s world, technology seamlessly intertwines with personal well-being and a vibrant array of interests.

All Articles by

Nikshep Myle

·

2 min read
Image: Deposit Photos

Key Takeaways

Key Takeaways

  • Trump merchandise site delivers Mac malware through fake Cloudflare verification pages
  • ClickFix technique tricks users into running base64-encoded credential-stealing Terminal commands
  • Twenty-seven antivirus engines detect BasedApparel payload targeting browser passwords and wallets

Shopping for political merch shouldn’t require opening Terminal, but that’s exactly what some Mac users encountered while browsing BasedApparel.com. The site intermittently displays convincing fake Cloudflare “Unusual Web Traffic Detected” pages that trick visitors into running malicious commands. Think of it as the cybersecurity equivalent of a Trojan horse—except instead of wooden warriors, attackers hide credential-stealing scripts inside what looks like routine website security.

Terminal Commands Hide Credential Theft

The ClickFix technique exploits Mac users’ trust in familiar verification processes.

Here’s how the scam works: you click “Copy” on what appears to be an innocuous verification string, but the hidden clipboard content contains a base64-encoded shell command. When you paste it into Terminal, the script downloads an AppleScript-based infostealer that targets your browser passwords and cryptocurrency wallets.

Security researcher “debbie” described the payload to PCMag as “a classic infostealer, wrapped twice in base64″—essentially malware wearing multiple disguises.

Mac Security Myths Meet Reality

Rising threats like ShadowVault and this BasedApparel attack challenge the “Macs don’t get viruses” assumption.

Twenty-seven antivirus engines flagged the BasedApparel payload as malicious, joining a growing list of Mac-targeted threats including ShadowVault, which criminals rent for $500 monthly. The site appears compromised rather than intentionally malicious—a common ClickFix pattern where attackers abuse legitimate websites to deliver malware.

This technique has previously compromised WordPress sites and other platforms, making any website a potential threat vector.

Apple Fights Back With Paste Warnings

macOS now warns users about potentially dangerous pasted commands, but social engineering still works.

Apple’s recent macOS updates include safeguards that alert you when pasting web-copied commands into Terminal. However, these warnings only work if you actually heed them rather than trusting the fake Cloudflare page.

Your best defense remains skepticism:

  • Legitimate verification pages never require Terminal access
  • Keep macOS updated
  • Use reputable antivirus software
  • Remember that if a website asks you to run commands, you’re probably being scammed

Share this

You Might Also Like_

Our Editorial Process

At Gadget Review, our guides, reviews, and news are driven by thorough human expertise and use our Trust Rating system and the True Score. AI assists in refining our editorial process, ensuring that every article is engaging, clear and succinct. See how we write our content here →

Join over 100k Readers

Join 100,000+ readers discovering the coolest gadgets, smart buying guides, and the tech news that actually matters.

LATEST Lists_

Why Trust Gadget Review

With over 25 years of experience, our editorial process is built on human expertise, ensuring that every article is reliable and trustworthy. AI helps us shape our content to be as succinct and engaging as possible.

Learn more about our commitment to integrity in our Code of Ethics.

LATEST NEWS_

Latest Buying Guides_

Latest Reviews_

LATEST Resource Articles_