Weekly intelligence, Jun 20 – Jun 26, 2022

Infostealers Weekly Report: 2022-06-20 – 2022-06-26

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.


Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 209
Infections by country

Top 25 countries

  1. Indonesia 19,220
  2. India 12,715
  3. Brazil 8,736
  4. Vietnam 8,583
  5. Pakistan 4,617
  6. Philippines 4,232
  7. Egypt 4,157
  8. Mexico 4,104
  9. United States of America 3,422
  10. Colombia 3,209
  11. Thailand 3,160
  12. Peru 3,008
  13. Argentina 2,791
  14. Poland 2,221
  15. Algeria 2,147
  16. Morocco 1,811
  17. Germany 1,780
  18. Ecuador 1,673
  19. Turkey 1,540
  20. Venezuela 1,509
  21. France 1,380
  22. Malaysia 1,311
  23. Spain 1,307
  24. Bangladesh 1,293
  25. Italy 1,280

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. 75,161 users
  2. google.com 55,765 users
  3. facebook.com 48,206 users
  4. live.com 40,875 users
  5. discord.com 21,814 users
  6. instagram.com 21,566 users
  7. roblox.com 20,664 users
  8. com.facebook.katana 20,492 users
  9. netflix.com 19,593 users
  10. twitter.com 18,422 users
  11. amazon.com 16,168 users
  12. steampowered.com 14,548 users
  13. paypal.com 13,936 users
  14. com.instagram.android 13,750 users
  15. twitch.tv 13,388 users
  16. mega.nz 12,697 users
  17. riotgames.com 12,693 users
  18. microsoftonline.com 11,932 users
  19. com.netflix.mediaclient 11,870 users
  20. epicgames.com 11,009 users
  21. com.discord 10,243 users
  22. linkedin.com 10,235 users
  23. com.spotify.music 10,124 users
  24. steamcommunity.com 9,902 users
  25. apple.com 9,845 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. 1,127 employees
  2. icicibank.com 240 employees
  3. rediff.com 163 employees
  4. hostinger.com 111 employees
  5. aruba.it 110 employees
  6. netpnb.com 95 employees
  7. bni.co.id 95 employees
  8. interia.pl 92 employees
  9. sp.gov.br 86 employees
  10. bcb.gov.br 84 employees
  11. secop.gov.co 82 employees
  12. kemenag.go.id 82 employees
  13. o2.pl 82 employees
  14. aiou.edu.pk 79 employees
  15. secureserver.net 79 employees
  16. 163.com 79 employees
  17. pec.it 79 employees
  18. digimail.in 76 employees
  19. accenture.com 76 employees
  20. laureate.net 70 employees
  21. freemail.hu 61 employees
  22. qq.com 61 employees
  23. telecom.pt 58 employees
  24. jwpub.org 58 employees
  25. onet.pl 57 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 44 employees
  2. rockwellautomation.com 25 employees
  3. amazon.com 14 employees
  4. cognizant.com 9 employees
  5. publix.com 9 employees
  6. netflix.com 6 employees
  7. oracle.com 4 employees
  8. hp.com 4 employees
  9. johnsoncontrols.com 4 employees
  10. att.com 4 employees
  11. honeywell.com 4 employees
  12. ge.com 3 employees
  13. paypal.com 3 employees
  14. gm.com 3 employees
  15. agcocorp.com 2 employees
  16. newmont.com 2 employees
  17. harman.com 2 employees
  18. twc.com 2 employees
  19. google.com 2 employees
  20. henryschein.com 2 employees

Compromised users

  1. google.com 55,765 users
  2. facebook.com 48,206 users
  3. netflix.com 19,593 users
  4. amazon.com 16,168 users
  5. paypal.com 13,936 users
  6. apple.com 9,845 users
  7. ebay.com 2,296 users
  8. oracle.com 1,724 users
  9. cisco.com 1,333 users
  10. hp.com 1,138 users
  11. microsoft.com 1,106 users
  12. nike.com 1,066 users
  13. walmart.com 588 users
  14. ibm.com 489 users
  15. intel.com 468 users
  16. westernunion.com 353 users
  17. ups.com 350 users
  18. bestbuy.com 274 users
  19. fedex.com 240 users
  20. target.com 216 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 193,178 hits
  2. sso 65,536 hits
  3. zoom 24,509 hits
  4. github 8,519 hits
  5. webmail 7,575 hits
  6. adfs 7,107 hits
  7. oracle 4,655 hits
  8. zendesk 3,025 hits
  9. sap 2,923 hits
  10. owa 2,690 hits
  11. ping 2,367 hits
  12. webex 2,353 hits
  13. vpn 2,312 hits
  14. cpanel 2,253 hits
  15. sts 2,001 hits
  16. kaspersky 1,413 hits
  17. ftp 1,397 hits
  18. extranet 1,385 hits
  19. st 1,355 hits
  20. salesforce 867 hits
  21. roundcube 836 hits
  22. okta 655 hits
  23. gitlab 478 hits
  24. twilio 352 hits
  25. imap 331 hits
