Based Apparel went offline Friday after a compromise used a fake Cloudflare check to trick visitors into pasting malicious code into Mac terminals.
The copied command secretly installed an infostealer that a researcher said could grab login credentials, browser cookies, Apple Notes, keychain passwords and data from more than 200 crypto extensions.
The same analysis said the checkout page also carried a payment skimmer for credit-card theft, with the attack enabled by a malicious WordPress plugin; the initial breach remains unclear.
The FBI said Patel had divested from the merch business before becoming director and does not profit from it, but declined to say whether it is investigating.
The website breach adds to scrutiny after an Iranian-linked group published more than 300 emails from Patel's private Gmail account in March.
Apple's new security warns against malicious commands. How are hackers already one step ahead?
This Mac malware steals crypto by replacing wallet apps. Is your digital fortune secretly at risk?