MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
mas
Search

Fake MAS Windows Activation Domain Used To Spread PowerShell Malware

Thursday December 25, 2025. 10:00 PM , from Slashdot
Fake MAS Windows Activation Domain Used To Spread PowerShell Malware
An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

Based on the reports, attackers have set up a look-alike domain, 'get[dot]activate[dot]win,' which closely resembles the legitimate one listed in the official MAS activation instructions, 'get[dot]activated[dot]win.' Given that the difference between the two is a single character ('d'), the attackers bet on users mistyping the domain.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/25/12/25/2058205/fake-mas-windows-activation-domain-used-to-spread-pow...

Related News

mas How to migrate to a new Windows PC ComputerWorldDec 25
domain How a $200 Fake Fireplace From Home Depot Soothed My Soul Wired: Tech.Dec 25
dot Fake Video Claiming 'Coup In France' Goes Viral SlashdotDec 25
activation Microsoft Says It's Not Planning To Use AI To Rewrite Windows From C To Rust SlashdotDec 24
powershell Microsoft is not rewriting Windows in Rust ComputerWorldDec 24
used Microsoft is not rewriting Windows in Rust InfoWorldDec 24
windows Keeping Windows and macOS alive past their sell-by date TheRegisterDec 24
win Windows is testing a new, wider Run dialog box. Here’s how to try it TheRegisterDec 23
fake Pizza restaurant signage caught serving raw Windows TheRegisterDec 23
users What the Linux Desktop Really Needs To Challenge Windows SlashdotDec 22
attackers What the Linux desktop really needs to challenge Windows TheRegisterDec 22
scripts Microsoft brings Ask Copilot and Agents to the Windows 11 taskbar for business users BetaNewsDec 22
'get In 2025 Scammers Have Stolen $835M from Americans Using Fake Customer Service Numbers SlashdotDec 22
systems Tim Ferriss's audience is larger than NYC. He now carries a gun, uses fake names at hotels, and gets monthly death threats BoingBoingDec 21
spread ATM jackpotting gang accused of unleashing Ploutus malware across US TheRegisterDec 19
mas Microsoft releases emergency patch for Windows 10 to fix Message Queuing problems BetaNewsDec 19
domain YouTube Shuts Down Channels Using AI To Create Fake Movie Trailers SlashdotDec 18
dot Mass registration of fake online shops originates from China BetaNewsDec 17
activation Microsoft now runs resource-hogging AppX Deployment Service at Windows 11 startup BetaNewsDec 17
powershell Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks Wired: Tech.Dec 17
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Dec, Fri 26 - 01:14 CET