Weekly intelligence Aug 8 – Aug 14, 2022 13 min read

Infostealers Weekly Report: 2022-08-08 – 2022-08-14

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 212

Infections by country

Top 25 countries

#1 India 10,676
#2 Brazil 9,414
#3 Vietnam 8,074
#4 Mexico 6,143
#5 Indonesia 5,978
#6 Egypt 5,337
#7 Peru 4,930
#8 Thailand 4,626
#9 United States of America 4,531
#10 Turkey 4,431
#11 Philippines 4,288
#12 Colombia 4,143
#13 Argentina 3,668
#14 Spain 2,740
#15 Pakistan 2,719
#16 Poland 2,655
#17 Algeria 2,434
#18 Ecuador 2,409
#19 France 2,348
#20 Italy 2,269
#21 Morocco 2,099
#22 Germany 1,963
#23 Malaysia 1,780
#24 Bangladesh 1,769
#25 Bolivia 1,562

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 64,480 users
#2 facebook.com 56,904 users
#3 live.com 51,403 users
#4 44,147 users
#5 discord.com 27,338 users
#6 instagram.com 26,450 users
#7 netflix.com 25,667 users
#8 roblox.com 24,308 users
#9 com.facebook.katana 23,672 users
#10 twitter.com 22,341 users
#11 amazon.com 21,329 users
#12 steampowered.com 20,169 users
#13 twitch.tv 19,343 users
#14 paypal.com 18,316 users
#15 riotgames.com 16,931 users
#16 microsoftonline.com 16,220 users
#17 com.instagram.android 15,929 users
#18 mega.nz 15,830 users
#19 epicgames.com 15,703 users
#20 com.netflix.mediaclient 15,408 users
#21 steamcommunity.com 14,196 users
#22 com.spotify.music 13,625 users
#23 spotify.com 13,120 users
#24 com.discord 12,826 users
#25 apple.com 12,780 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,171 employees
#2 icicibank.com 276 employees
#3 rediff.com 177 employees
#4 aruba.it 159 employees
#5 laureate.net 153 employees
#6 interia.pl 148 employees
#7 163.com 141 employees
#8 qq.com 134 employees
#9 hostinger.com 128 employees
#10 o2.pl 128 employees
#11 tim.it 120 employees
#12 utp.edu.pe 112 employees
#13 secureserver.net 112 employees
#14 pec.it 106 employees
#15 telecom.pt 99 employees
#16 bcb.gov.br 98 employees
#17 freemail.hu 97 employees
#18 upc.edu.pe 86 employees
#19 abv.bg 85 employees
#20 onet.pl 81 employees
#21 accenture.com 81 employees
#22 secop.gov.co 81 employees
#23 sp.gov.br 80 employees
#24 jwpub.org 78 employees
#25 wp.pl 77 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 56 employees
#2 rockwellautomation.com 50 employees
#3 publix.com 21 employees
#4 cognizant.com 14 employees
#5 amazon.com 9 employees
#6 ibm.com 9 employees
#7 ups.com 8 employees
#8 averydennison.com 7 employees
#9 cbre.com 7 employees
#10 intel.com 6 employees
#11 netflix.com 5 employees
#12 hp.com 4 employees
#13 csc.com 3 employees
#14 frontier.com 3 employees
#15 nov.com 3 employees
#16 adm.com 3 employees
#17 twc.com 3 employees
#18 bakerhughes.com 3 employees
#19 att.com 3 employees
#20 google.com 3 employees

Compromised users

#1 google.com 64,480 users
#2 facebook.com 56,904 users
#3 netflix.com 25,667 users
#4 amazon.com 21,329 users
#5 paypal.com 18,316 users
#6 apple.com 12,780 users
#7 ebay.com 3,076 users
#8 oracle.com 2,320 users
#9 cisco.com 1,774 users
#10 microsoft.com 1,761 users
#11 nike.com 1,709 users
#12 hp.com 1,560 users
#13 walmart.com 800 users
#14 intel.com 635 users
#15 ups.com 634 users
#16 ibm.com 613 users
#17 westernunion.com 453 users
#18 bestbuy.com 431 users
#19 fedex.com 378 users
#20 adp.com 328 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 284,438hits
#2 sso 80,465hits
#3 zoom 31,778hits
#4 github 13,178hits
#5 adfs 11,639hits
#6 webmail 9,951hits
#7 oracle 6,298hits
#8 sap 4,441hits
#9 owa 4,038hits
#10 zendesk 4,005hits
#11 cpanel 3,187hits
#12 vpn 3,159hits
#13 sts 2,970hits
#14 webex 2,840hits
#15 ping 2,771hits
#16 extranet 2,359hits
#17 kaspersky 1,966hits
#18 ftp 1,885hits
#19 salesforce 1,728hits
#20 st 1,624hits
#21 roundcube 1,156hits
#22 okta 970hits
#23 gitlab 808hits
#24 imap 638hits
#25 dana-na 607hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Free Tools Check your exposure