Weekly intelligence Feb 20 – Feb 26, 2023 12 min read

Infostealers Weekly Report: 2023-02-20 – 2023-02-26

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 186

Infections by country

Top 25 countries

#1 Brazil 2,832
#2 Mexico 2,466
#3 Vietnam 1,959
#4 Egypt 1,768
#5 Philippines 1,528
#6 Peru 1,408
#7 Colombia 1,301
#8 Thailand 1,270
#9 Pakistan 1,202
#10 Turkey 1,070
#11 Argentina 1,062
#12 Spain 921
#13 United States of America 841
#14 Poland 772
#15 Algeria 740
#16 Morocco 697
#17 Venezuela 665
#18 Germany 612
#19 Chile 579
#20 Romania 546
#21 Ecuador 535
#22 Italy 511
#23 Bangladesh 498
#24 France 489
#25 India 468

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 17,371 users
#2 facebook.com 16,039 users
#3 live.com 14,628 users
#4 discord.com 7,959 users
#5 roblox.com 7,447 users
#6 netflix.com 7,422 users
#7 instagram.com 7,194 users
#8 com.facebook.katana 6,974 users
#9 steampowered.com 5,739 users
#10 amazon.com 5,597 users
#11 twitter.com 5,593 users
#12 twitch.tv 5,309 users
#13 riotgames.com 5,117 users
#14 paypal.com 4,908 users
#15 com.netflix.mediaclient 4,718 users
#16 com.instagram.android 4,615 users
#17 microsoftonline.com 4,577 users
#18 mega.nz 4,517 users
#19 epicgames.com 4,398 users
#20 steamcommunity.com 3,825 users
#21 spotify.com 3,672 users
#22 apple.com 3,662 users
#23 com.discord 3,514 users
#24 linkedin.com 3,324 users
#25 com.roblox.client 3,311 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 122 employees
#2 laureate.net 62 employees
#3 utp.edu.pe 60 employees
#4 o2.pl 54 employees
#5 163.com 49 employees
#6 aruba.it 47 employees
#7 freemail.hu 44 employees
#8 hostinger.com 43 employees
#9 sempreser.com.br 41 employees
#10 secop.gov.co 40 employees
#11 buenosaires.gob.ar 40 employees
#12 bcb.gov.br 36 employees
#13 interia.pl 35 employees
#14 abv.bg 33 employees
#15 pec.it 33 employees
#16 pronabec.edu.pe 32 employees
#17 secureserver.net 30 employees
#18 qq.com 30 employees
#19 inacap.cl 30 employees
#20 banquemisr.com 28 employees
#21 cibertec.edu.pe 26 employees
#22 telecom.pt 26 employees
#23 tim.it 25 employees
#24 deped.gov.ph 24 employees
#25 onet.pl 23 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 21 employees
#2 microsoft.com 14 employees
#3 google.com 5 employees
#4 publix.com 3 employees
#5 hanes.com 2 employees
#6 nucor.com 2 employees
#7 dana.com 2 employees
#8 jpmorganchase.com 2 employees
#9 amazon.com 2 employees
#10 apple.com 2 employees
#11 netflix.com 2 employees
#12 abbvie.com 1 employees
#13 ups.com 1 employees
#14 lilly.com 1 employees
#15 firstam.com 1 employees
#16 metlife.com 1 employees
#17 csc.com 1 employees
#18 vfc.com 1 employees
#19 disney.com 1 employees

Compromised users

#1 google.com 17,371 users
#2 facebook.com 16,039 users
#3 netflix.com 7,422 users
#4 amazon.com 5,597 users
#5 paypal.com 4,908 users
#6 apple.com 3,662 users
#7 ebay.com 853 users
#8 microsoft.com 518 users
#9 oracle.com 492 users
#10 nike.com 487 users
#11 hp.com 485 users
#12 cisco.com 482 users
#13 walmart.com 201 users
#14 ups.com 164 users
#15 intel.com 153 users
#16 ibm.com 144 users
#17 westernunion.com 114 users
#18 fedex.com 102 users
#19 bestbuy.com 87 users
#20 adp.com 64 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 58,831hits
#2 sso 14,964hits
#3 zoom 6,492hits
#4 github 2,358hits
#5 adfs 2,000hits
#6 webmail 1,851hits
#7 oracle 912hits
#8 sap 824hits
#9 owa 799hits
#10 zendesk 791hits
#11 vpn 604hits
#12 sts 451hits
#13 ping 449hits
#14 cpanel 448hits
#15 webex 416hits
#16 kaspersky 368hits
#17 extranet 321hits
#18 st 308hits
#19 ftp 275hits
#20 salesforce 191hits
#21 roundcube 191hits
#22 okta 180hits
#23 twilio 102hits
#24 gitlab 90hits
#25 imap 90hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure