Weekly intelligence Jul 11 – Jul 17, 2022 13 min read

Infostealers Weekly Report: 2022-07-11 – 2022-07-17

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 207

Infections by country

Top 25 countries

#1 Brazil 13,832
#2 Indonesia 12,418
#3 India 11,505
#4 Vietnam 7,462
#5 United States of America 7,384
#6 Egypt 4,970
#7 Philippines 4,715
#8 Pakistan 4,360
#9 Mexico 4,014
#10 Thailand 3,921
#11 Colombia 3,036
#12 Argentina 3,015
#13 Peru 2,952
#14 Poland 2,730
#15 Turkey 2,649
#16 Algeria 2,217
#17 France 2,145
#18 Germany 2,065
#19 Italy 1,959
#20 Spain 1,850
#21 Morocco 1,815
#22 Bangladesh 1,704
#23 Chile 1,677
#24 Venezuela 1,451
#25 Romania 1,339

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 64,385 users
#2 61,125 users
#3 facebook.com 55,458 users
#4 live.com 50,440 users
#5 discord.com 29,116 users
#6 instagram.com 27,467 users
#7 roblox.com 25,918 users
#8 netflix.com 25,554 users
#9 com.facebook.katana 23,134 users
#10 twitter.com 22,589 users
#11 amazon.com 21,914 users
#12 steampowered.com 20,776 users
#13 twitch.tv 20,511 users
#14 paypal.com 18,955 users
#15 riotgames.com 17,974 users
#16 epicgames.com 16,738 users
#17 com.instagram.android 16,577 users
#18 microsoftonline.com 15,745 users
#19 com.netflix.mediaclient 15,281 users
#20 mega.nz 15,279 users
#21 steamcommunity.com 15,073 users
#22 spotify.com 13,740 users
#23 com.spotify.music 13,719 users
#24 com.discord 13,112 users
#25 apple.com 12,643 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,066 employees
#2 icicibank.com 229 employees
#3 rediff.com 182 employees
#4 aruba.it 180 employees
#5 hostinger.com 157 employees
#6 interia.pl 150 employees
#7 o2.pl 143 employees
#8 pec.it 115 employees
#9 163.com 98 employees
#10 tim.it 96 employees
#11 bcb.gov.br 90 employees
#12 sp.gov.br 90 employees
#13 onet.pl 88 employees
#14 laureate.net 87 employees
#15 sempreser.com.br 85 employees
#16 netpnb.com 80 employees
#17 accenture.com 79 employees
#18 wp.pl 79 employees
#19 skole.hr 78 employees
#20 secureserver.net 78 employees
#21 ig.com.br 78 employees
#22 utp.edu.pe 75 employees
#23 jwpub.org 75 employees
#24 freemail.hu 74 employees
#25 bni.co.id 72 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 43 employees
#2 rockwellautomation.com 39 employees
#3 publix.com 29 employees
#4 ibm.com 16 employees
#5 amazon.com 12 employees
#6 netflix.com 11 employees
#7 cognizant.com 10 employees
#8 hp.com 8 employees
#9 salesforce.com 6 employees
#10 jpmorganchase.com 6 employees
#11 amerisourcebergen.com 6 employees
#12 facebook.com 4 employees
#13 oracle.com 4 employees
#14 cisco.com 4 employees
#15 staples.com 4 employees
#16 twc.com 4 employees
#17 ups.com 4 employees
#18 csc.com 3 employees
#19 ford.com 3 employees
#20 apple.com 3 employees

Compromised users

#1 google.com 64,385 users
#2 facebook.com 55,458 users
#3 netflix.com 25,554 users
#4 amazon.com 21,914 users
#5 paypal.com 18,955 users
#6 apple.com 12,643 users
#7 ebay.com 3,047 users
#8 oracle.com 2,245 users
#9 nike.com 1,779 users
#10 microsoft.com 1,587 users
#11 cisco.com 1,512 users
#12 hp.com 1,433 users
#13 walmart.com 786 users
#14 intel.com 630 users
#15 ibm.com 609 users
#16 ups.com 587 users
#17 bestbuy.com 457 users
#18 westernunion.com 428 users
#19 fedex.com 373 users
#20 adp.com 363 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 254,041hits
#2 sso 73,448hits
#3 zoom 26,672hits
#4 github 11,193hits
#5 adfs 10,055hits
#6 webmail 9,652hits
#7 oracle 5,280hits
#8 zendesk 3,851hits
#9 sap 3,768hits
#10 owa 3,518hits
#11 salesforce 2,857hits
#12 cpanel 2,845hits
#13 sts 2,788hits
#14 vpn 2,650hits
#15 ping 2,597hits
#16 webex 2,293hits
#17 ftp 1,662hits
#18 kaspersky 1,583hits
#19 st 1,325hits
#20 extranet 1,239hits
#21 roundcube 1,074hits
#22 okta 819hits
#23 gitlab 807hits
#24 twilio 501hits
#25 imap 328hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Free Tools Check your exposure