{"id":45896,"date":"2025-12-25T21:36:11","date_gmt":"2025-12-25T21:36:11","guid":{"rendered":"https:\/\/eduzim.co.zw\/news\/?p=45896"},"modified":"2025-12-25T21:36:11","modified_gmt":"2025-12-25T21:36:11","slug":"fake-mas-windows-activation-domain-used-to-spread-powershell-malwareutm_sourcerss1-0mainlinkanonutm_mediumfeed","status":"publish","type":"post","link":"https:\/\/eduzim.co.zw\/news\/2025\/12\/25\/fake-mas-windows-activation-domain-used-to-spread-powershell-malwareutm_sourcerss1-0mainlinkanonutm_mediumfeed\/","title":{"rendered":"Fake MAS Windows Activation Domain Used To Spread PowerShell Malware"},"content":{"rendered":"<p> <script data-jetpack-boost=\"ignore\" async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-1669381584671856\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Africa tv video display -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-1669381584671856\"\r\n     data-ad-slot=\"3579572842\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script data-jetpack-boost=\"ignore\">\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div id=\"fhbody-180456521\">\n<div id=\"text-180456521\" class=\"p\">\n<p>\t\t\t\tAn anonymous reader shares a report:<i> A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the &#8216;Cosmali Loader&#8217;. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.<\/i><\/p>\n<p>Based on the reports, attackers have set up a look-alike domain, &#8220;get[dot]activate[dot]win,&#8221; which closely resembles the legitimate one listed in the official MAS activation instructions, &#8220;get[dot]activated[dot]win.&#8221; Given that the difference between the two is a single character (&#8220;d&#8221;), the attackers bet on users mistyping the domain.<\/p>\n<\/div><\/div>\n<p><script data-jetpack-boost=\"ignore\" async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-1669381584671856\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Africa tv video display -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-1669381584671856\"\r\n     data-ad-slot=\"3579572842\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script data-jetpack-boost=\"ignore\">\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n#Fake #MAS #Windows #Activation #Domain #Spread #PowerShell #Malware<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute&hellip;<\/p>\n","protected":false},"author":1,"featured_media":36701,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-45896","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mzansi"],"_links":{"self":[{"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/posts\/45896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/comments?post=45896"}],"version-history":[{"count":1,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/posts\/45896\/revisions"}],"predecessor-version":[{"id":45897,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/posts\/45896\/revisions\/45897"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/media\/36701"}],"wp:attachment":[{"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/media?parent=45896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/categories?post=45896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eduzim.co.zw\/news\/wp-json\/wp\/v2\/tags?post=45896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}