Fake MAS Domain Distributes PowerShell Malware

December 24, 2025 at 05:44 PM

•

1 min read

Fake MAS Domain Distributes PowerShell Malware — Photo: BleepingComputer

TL;DR Summary

A malicious domain mimicking Microsoft's MAS tool was used to spread Cosmali Loader malware via PowerShell, exploiting user typos to infect Windows systems with cryptomining and RAT malware. Users are advised to verify commands and avoid executing untrusted remote code to prevent infection.

Topics:technology #cosmali-loader #mas #powershell-malware #security #typosquatting #windows-activation

Share this article

Fake MAS Windows activation domain used to spread PowerShell malware BleepingComputer

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

90%

434 → 43 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights