Weekly intelligence Feb 13 – Feb 19, 2023 12 min read

Infostealers Weekly Report: 2023-02-13 – 2023-02-19

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 193

Infections by country

Top 25 countries

#1 Brazil 4,211
#2 Egypt 2,976
#3 Mexico 2,157
#4 Philippines 1,862
#5 Vietnam 1,853
#6 Pakistan 1,654
#7 Turkey 1,577
#8 Colombia 1,525
#9 Thailand 1,521
#10 Algeria 1,406
#11 Poland 1,238
#12 Spain 1,178
#13 Peru 1,169
#14 Germany 1,122
#15 Morocco 1,120
#16 France 988
#17 Argentina 966
#18 United States of America 928
#19 India 925
#20 Bangladesh 896
#21 Italy 854
#22 Russia 830
#23 Iraq 822
#24 Venezuela 793
#25 Ecuador 735

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 22,335 users
#2 facebook.com 20,574 users
#3 live.com 18,275 users
#4 discord.com 9,862 users
#5 roblox.com 9,378 users
#6 instagram.com 9,052 users
#7 netflix.com 8,884 users
#8 com.facebook.katana 8,749 users
#9 twitter.com 7,131 users
#10 steampowered.com 7,085 users
#11 amazon.com 6,925 users
#12 twitch.tv 6,379 users
#13 paypal.com 6,088 users
#14 riotgames.com 5,632 users
#15 microsoftonline.com 5,631 users
#16 com.instagram.android 5,580 users
#17 com.netflix.mediaclient 5,518 users
#18 mega.nz 5,310 users
#19 epicgames.com 5,111 users
#20 steamcommunity.com 4,819 users
#21 apple.com 4,483 users
#22 spotify.com 4,444 users
#23 com.discord 4,227 users
#24 linkedin.com 4,195 users
#25 com.roblox.client 3,964 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 178 employees
#2 interia.pl 80 employees
#3 freemail.hu 72 employees
#4 aruba.it 64 employees
#5 pec.it 62 employees
#6 hostinger.com 58 employees
#7 o2.pl 57 employees
#8 tim.it 54 employees
#9 qq.com 48 employees
#10 laureate.net 46 employees
#11 secop.gov.co 46 employees
#12 163.com 43 employees
#13 abv.bg 43 employees
#14 skole.hr 36 employees
#15 banquemisr.com 36 employees
#16 hostgator.com 34 employees
#17 rediff.com 33 employees
#18 icicibank.com 31 employees
#19 secureserver.net 31 employees
#20 confused.com 31 employees
#21 telecom.pt 30 employees
#22 onet.pl 30 employees
#23 aiep.cl 29 employees
#24 mail.bg 29 employees
#25 sapo.pt 28 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 23 employees
#2 rockwellautomation.com 22 employees
#3 facebook.com 7 employees
#4 google.com 6 employees
#5 frontier.com 5 employees
#6 netflix.com 5 employees
#7 ford.com 5 employees
#8 publix.com 5 employees
#9 amazon.com 3 employees
#10 walmart.com 3 employees
#11 pepsico.com 2 employees
#12 jbhunt.com 2 employees
#13 goodyear.com 2 employees
#14 emerson.com 2 employees
#15 chs.net 1 employees
#16 lear.com 1 employees
#17 ge.com 1 employees
#18 cdw.com 1 employees
#19 att.com 1 employees
#20 cummins.com 1 employees

Compromised users

#1 google.com 22,335 users
#2 facebook.com 20,574 users
#3 netflix.com 8,884 users
#4 amazon.com 6,925 users
#5 paypal.com 6,088 users
#6 apple.com 4,483 users
#7 ebay.com 1,017 users
#8 oracle.com 741 users
#9 microsoft.com 612 users
#10 hp.com 611 users
#11 nike.com 555 users
#12 cisco.com 544 users
#13 walmart.com 261 users
#14 ibm.com 215 users
#15 ups.com 215 users
#16 westernunion.com 181 users
#17 intel.com 167 users
#18 fedex.com 121 users
#19 bestbuy.com 91 users
#20 adp.com 78 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 76,676hits
#2 sso 21,019hits
#3 zoom 7,182hits
#4 webmail 3,089hits
#5 github 3,085hits
#6 adfs 2,621hits
#7 oracle 1,396hits
#8 sap 1,128hits
#9 zendesk 981hits
#10 cpanel 784hits
#11 owa 778hits
#12 vpn 745hits
#13 sts 690hits
#14 ping 604hits
#15 extranet 584hits
#16 kaspersky 574hits
#17 webex 520hits
#18 ftp 456hits
#19 st 449hits
#20 roundcube 322hits
#21 okta 291hits
#22 salesforce 265hits
#23 gitlab 178hits
#24 rlogin 175hits
#25 twilio 121hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure