Weekly intelligence Jan 30 – Feb 5, 2023 13 min read

Infostealers Weekly Report: 2023-01-30 – 2023-02-05

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 192

Infections by country

Top 25 countries

#1 Brazil 7,260
#2 Mexico 3,821
#3 Egypt 3,534
#4 Colombia 2,675
#5 Peru 2,522
#6 Argentina 2,509
#7 Vietnam 2,310
#8 Pakistan 2,124
#9 Algeria 1,956
#10 Philippines 1,951
#11 Thailand 1,869
#12 Turkey 1,801
#13 Spain 1,773
#14 Morocco 1,591
#15 United States of America 1,410
#16 Bangladesh 1,336
#17 Chile 1,318
#18 Poland 1,156
#19 Ecuador 1,151
#20 Germany 1,125
#21 Venezuela 1,121
#22 France 1,101
#23 Bolivia 1,002
#24 India 842
#25 Romania 839

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 32,836 users
#2 facebook.com 29,757 users
#3 live.com 27,515 users
#4 discord.com 14,831 users
#5 netflix.com 13,820 users
#6 roblox.com 13,621 users
#7 instagram.com 13,561 users
#8 com.facebook.katana 13,112 users
#9 steampowered.com 11,344 users
#10 amazon.com 10,768 users
#11 twitter.com 10,731 users
#12 twitch.tv 10,070 users
#13 paypal.com 9,959 users
#14 com.netflix.mediaclient 9,166 users
#15 riotgames.com 8,878 users
#16 com.instagram.android 8,570 users
#17 mega.nz 8,445 users
#18 epicgames.com 8,425 users
#19 microsoftonline.com 8,128 users
#20 steamcommunity.com 7,397 users
#21 spotify.com 7,104 users
#22 apple.com 6,811 users
#23 linkedin.com 6,591 users
#24 com.spotify.music 6,371 users
#25 com.discord 6,288 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 173 employees
#2 secop.gov.co 98 employees
#3 freemail.hu 97 employees
#4 abv.bg 82 employees
#5 buenosaires.gob.ar 79 employees
#6 laureate.net 75 employees
#7 163.com 74 employees
#8 sempreser.com.br 67 employees
#9 inacap.cl 66 employees
#10 aruba.it 64 employees
#11 login.sp.gov.br 63 employees
#12 bcb.gov.br 62 employees
#13 utp.edu.pe 62 employees
#14 hostinger.com 59 employees
#15 tim.it 51 employees
#16 o2.pl 49 employees
#17 interia.pl 49 employees
#18 pec.it 49 employees
#19 upc.edu.pe 47 employees
#20 seznam.cz 46 employees
#21 qq.com 46 employees
#22 tigo.com.co 45 employees
#23 globo.com 45 employees
#24 confused.com 41 employees
#25 rockwellautomation.com 41 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 41 employees
#2 microsoft.com 25 employees
#3 att.com 6 employees
#4 spglobal.com 5 employees
#5 hp.com 5 employees
#6 ups.com 4 employees
#7 cognizant.com 4 employees
#8 netflix.com 4 employees
#9 google.com 4 employees
#10 publix.com 4 employees
#11 facebook.com 3 employees
#12 lear.com 3 employees
#13 ibm.com 3 employees
#14 twc.com 3 employees
#15 cisco.com 3 employees
#16 nike.com 3 employees
#17 airproducts.com 2 employees
#18 paypal.com 2 employees
#19 apple.com 2 employees
#20 pepsico.com 1 employees

Compromised users

#1 google.com 32,836 users
#2 facebook.com 29,757 users
#3 netflix.com 13,820 users
#4 amazon.com 10,768 users
#5 paypal.com 9,959 users
#6 apple.com 6,811 users
#7 ebay.com 1,683 users
#8 oracle.com 1,051 users
#9 hp.com 956 users
#10 nike.com 948 users
#11 microsoft.com 891 users
#12 cisco.com 875 users
#13 walmart.com 417 users
#14 ups.com 331 users
#15 ibm.com 293 users
#16 intel.com 270 users
#17 westernunion.com 269 users
#18 bestbuy.com 221 users
#19 fedex.com 182 users
#20 adp.com 156 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 116,511hits
#2 sso 30,145hits
#3 zoom 11,306hits
#4 webmail 4,241hits
#5 github 4,130hits
#6 adfs 3,857hits
#7 oracle 2,027hits
#8 sap 1,920hits
#9 owa 1,732hits
#10 zendesk 1,599hits
#11 vpn 1,123hits
#12 cpanel 1,076hits
#13 sts 1,042hits
#14 ping 1,028hits
#15 extranet 916hits
#16 webex 877hits
#17 ftp 831hits
#18 kaspersky 763hits
#19 st 583hits
#20 roundcube 526hits
#21 okta 380hits
#22 salesforce 247hits
#23 rlogin 225hits
#24 twilio 207hits
#25 gitlab 183hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure