Cybercriminals are exploiting a common user error to distribute malicious PowerShell scripts. A fake website designed to look like the legitimate Microsoft Activation Scripts (MAS) domain has been identified as the source of these attacks.
The attackers registered a domain, "get[dot]activate[dot]win," which differs by a single character from the actual MAS domain, "get[dot]activated[dot]win." This subtle alteration is intended to trick users who mistype the URL when looking for activation scripts. Once a user lands on the fake site, they are likely to be exposed to malicious PowerShell scripts that, if executed, can infect Windows systems with the 'Cosmali Loader' malware. Users have begun reporting infections, prompting this warning.
The Cosmali Loader is a type of malware designed to compromise Windows systems. By leveraging a typosquatted domain that mimics a trusted tool, the attackers are employing a sophisticated social engineering tactic to ensnare unsuspecting users. It's a stark reminder of the importance of verifying website URLs, especially when dealing with system-critical tools like activation scripts.
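One way to check for this kind of near-miss on the defender's side, as an added example that is not part of the original article: a Python routine that flags queried hostnames within a small edit distance of a trusted domain. The function names, the distance threshold of 2 and the sample hostnames are assumptions constructed for illustration; the two MAS-related domains are the ones named above, kept defanged.

```python
# Added example: flag hostnames (e.g. from DNS or proxy logs) that are
# near-misses of a trusted domain. Names and threshold are illustrative.
TRUSTED = ["get[dot]activated[dot]win"]  # legitimate MAS domain as given on the page

def refang(host: str) -> str:
    """Normalise a hostname: undo [dot] defanging, lowercase, drop trailing dot."""
    return host.replace("[dot]", ".").replace("[.]", ".").lower().rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) using two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(hosts, trusted=TRUSTED, max_distance=2):
    """Return (host, trusted_domain, distance) for each near-miss hostname."""
    good = [refang(t) for t in trusted]
    hits = []
    for raw in hosts:
        host = refang(raw)
        if host in good:
            continue  # exact match with a trusted domain: not a lookalike
        for t in good:
            d = edit_distance(host, t)
            if 0 < d <= max_distance:
                hits.append((host, t, d))
    return hits

# Constructed sample of queried hostnames (not real log data), kept defanged.
SAMPLE_QUERIES = [
    "get[dot]activated[dot]win",   # legitimate
    "get[dot]activate[dot]win",    # lookalike named on the page (missing "d")
    "GET[dot]ACTIVATED[dot]WIN.",  # legitimate, different case and trailing dot
    "example[dot]com",             # unrelated
]

if __name__ == "__main__":
    for host, trusted, dist in find_lookalikes(SAMPLE_QUERIES):
        print(f"ALERT {host.replace('.', '[dot]')} is {dist} edit(s) "
              f"from {trusted.replace('.', '[dot]')}")
```

Only the one-character lookalike is reported; the exact and case-variant forms of the trusted domain and the unrelated host pass without an alert.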
Article generated by LaRebelionBOT