Weekly intelligence Dec 26 – Jan 1, 2023 12 min read

Infostealers Weekly Report: 2022-12-26 – 2023-01-01

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 196

Infections by country

Top 25 countries

#1 Brazil 7,856
#2 Egypt 3,985
#3 Pakistan 2,471
#4 Thailand 2,428
#5 Mexico 2,403
#6 Vietnam 2,394
#7 Philippines 2,172
#8 Colombia 2,029
#9 Peru 1,842
#10 Morocco 1,810
#11 Algeria 1,774
#12 Argentina 1,721
#13 Bangladesh 1,686
#14 Turkey 1,621
#15 Poland 1,579
#16 India 1,548
#17 Indonesia 1,476
#18 Spain 1,309
#19 Russia 1,267
#20 Chile 1,242
#21 United States of America 1,171
#22 Romania 994
#23 Iraq 993
#24 Germany 964
#25 Sri Lanka 949

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 32,184 users
#2 facebook.com 29,160 users
#3 live.com 26,733 users
#4 discord.com 14,454 users
#5 instagram.com 13,878 users
#6 netflix.com 13,222 users
#7 roblox.com 13,127 users
#8 com.facebook.katana 13,059 users
#9 steampowered.com 10,915 users
#10 twitter.com 10,850 users
#11 amazon.com 10,380 users
#12 paypal.com 9,854 users
#13 twitch.tv 9,756 users
#14 com.instagram.android 8,844 users
#15 riotgames.com 8,819 users
#16 com.netflix.mediaclient 8,638 users
#17 epicgames.com 8,171 users
#18 microsoftonline.com 8,044 users
#19 mega.nz 8,035 users
#20 steamcommunity.com 7,712 users
#21 com.discord 6,806 users
#22 linkedin.com 6,492 users
#23 apple.com 6,490 users
#24 spotify.com 6,482 users
#25 com.spotify.music 6,273 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 227 employees
#2 freemail.hu 133 employees
#3 interia.pl 102 employees
#4 abv.bg 92 employees
#5 o2.pl 77 employees
#6 aruba.it 74 employees
#7 hostinger.com 74 employees
#8 laureate.net 66 employees
#9 tim.it 64 employees
#10 163.com 63 employees
#11 bcb.gov.br 58 employees
#12 pec.it 55 employees
#13 login.sp.gov.br 50 employees
#14 icicibank.com 50 employees
#15 onet.pl 49 employees
#16 seznam.cz 49 employees
#17 hostgator.com.br 44 employees
#18 secureserver.net 44 employees
#19 qq.com 43 employees
#20 mail.bg 42 employees
#21 buenosaires.gob.ar 41 employees
#22 jwpub.org 41 employees
#23 secop.gov.co 41 employees
#24 ig.com.br 40 employees
#25 skole.hr 40 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 34 employees
#2 microsoft.com 34 employees
#3 publix.com 8 employees
#4 netflix.com 8 employees
#5 halliburton.com 6 employees
#6 lear.com 5 employees
#7 google.com 4 employees
#8 ibm.com 4 employees
#9 twc.com 4 employees
#10 goodyear.com 4 employees
#11 metlife.com 3 employees
#12 abbott.com 3 employees
#13 generalmills.com 2 employees
#14 hp.com 2 employees
#15 oracle.com 2 employees
#16 paypal.com 2 employees
#17 cbre.com 1 employees
#18 apple.com 1 employees
#19 cablevision.com 1 employees
#20 intel.com 1 employees

Compromised users

#1 google.com 32,184 users
#2 facebook.com 29,160 users
#3 netflix.com 13,222 users
#4 amazon.com 10,380 users
#5 paypal.com 9,854 users
#6 apple.com 6,490 users
#7 ebay.com 1,587 users
#8 oracle.com 1,056 users
#9 nike.com 985 users
#10 hp.com 823 users
#11 cisco.com 782 users
#12 microsoft.com 775 users
#13 intel.com 342 users
#14 ups.com 313 users
#15 walmart.com 312 users
#16 ibm.com 294 users
#17 westernunion.com 274 users
#18 fedex.com 174 users
#19 bestbuy.com 152 users
#20 target.com 134 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 108,912hits
#2 sso 27,212hits
#3 zoom 11,082hits
#4 github 4,678hits
#5 webmail 3,728hits
#6 adfs 3,193hits
#7 oracle 1,973hits
#8 zendesk 1,832hits
#9 owa 1,310hits
#10 sap 1,293hits
#11 cpanel 1,042hits
#12 vpn 1,037hits
#13 ping 928hits
#14 sts 881hits
#15 kaspersky 723hits
#16 salesforce 711hits
#17 webex 671hits
#18 st 647hits
#19 extranet 625hits
#20 ftp 524hits
#21 roundcube 446hits
#22 okta 346hits
#23 twilio 266hits
#24 rlogin 247hits
#25 gitlab 219hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure