Weekly intelligence May 23 – May 29, 2022 13 min read

Infostealers Weekly Report: 2022-05-23 – 2022-05-29

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 206

Infections by country

Top 25 countries

#1 Indonesia 19,544
#2 India 14,062
#3 Brazil 10,190
#4 Vietnam 9,326
#5 Philippines 6,391
#6 Pakistan 5,616
#7 Egypt 5,321
#8 Colombia 4,202
#9 Mexico 4,141
#10 Peru 3,564
#11 Thailand 3,285
#12 Argentina 3,118
#13 United States of America 2,535
#14 Bangladesh 2,481
#15 Ecuador 2,172
#16 Algeria 2,140
#17 Morocco 1,852
#18 Venezuela 1,831
#19 Germany 1,775
#20 Malaysia 1,725
#21 France 1,565
#22 Iraq 1,538
#23 Spain 1,537
#24 Sri Lanka 1,449
#25 Bolivia 1,433

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 101,184 users
#2 google.com 66,717 users
#3 facebook.com 58,727 users
#4 live.com 48,258 users
#5 instagram.com 24,981 users
#6 com.facebook.katana 24,882 users
#7 discord.com 24,794 users
#8 roblox.com 24,226 users
#9 netflix.com 21,824 users
#10 twitter.com 21,045 users
#11 amazon.com 18,146 users
#12 com.instagram.android 16,074 users
#13 steampowered.com 15,985 users
#14 paypal.com 15,200 users
#15 mega.nz 14,612 users
#16 microsoftonline.com 14,573 users
#17 twitch.tv 13,824 users
#18 com.netflix.mediaclient 13,602 users
#19 riotgames.com 13,289 users
#20 zoom.us 11,685 users
#21 linkedin.com 11,549 users
#22 epicgames.com 11,515 users
#23 com.discord 11,203 users
#24 apple.com 10,919 users
#25 com.spotify.music 10,829 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,286 employees
#2 icicibank.com 311 employees
#3 rediff.com 192 employees
#4 bni.co.id 131 employees
#5 163.com 126 employees
#6 hostinger.com 111 employees
#7 aiou.edu.pk 108 employees
#8 netpnb.com 105 employees
#9 secureserver.net 102 employees
#10 laureate.net 101 employees
#11 bobibanking.com 98 employees
#12 secop.gov.co 98 employees
#13 digimail.in 97 employees
#14 aruba.it 92 employees
#15 unionbankonline.co.in 88 employees
#16 pec.it 88 employees
#17 accenture.com 87 employees
#18 utp.edu.pe 84 employees
#19 interia.pl 70 employees
#20 jwpub.org 70 employees
#21 kemenag.go.id 69 employees
#22 tim.it 69 employees
#23 onet.pl 68 employees
#24 sp.gov.br 68 employees
#25 indusind.com 64 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 41 employees
#2 rockwellautomation.com 23 employees
#3 cognizant.com 17 employees
#4 hp.com 15 employees
#5 publix.com 14 employees
#6 honeywell.com 6 employees
#7 ibm.com 5 employees
#8 ford.com 5 employees
#9 aa.com 4 employees
#10 cisco.com 4 employees
#11 fedex.com 3 employees
#12 ncr.com 3 employees
#13 pfizer.com 3 employees
#14 oracle.com 3 employees
#15 amazon.com 3 employees
#16 jpmorganchase.com 3 employees
#17 manpowergroup.com 3 employees
#18 csc.com 3 employees
#19 pg.com 3 employees
#20 cbre.com 3 employees

Compromised users

#1 google.com 66,717 users
#2 facebook.com 58,727 users
#3 netflix.com 21,824 users
#4 amazon.com 18,146 users
#5 paypal.com 15,200 users
#6 apple.com 10,919 users
#7 ebay.com 2,405 users
#8 oracle.com 2,005 users
#9 cisco.com 1,545 users
#10 hp.com 1,276 users
#11 microsoft.com 1,215 users
#12 nike.com 935 users
#13 ibm.com 601 users
#14 walmart.com 495 users
#15 intel.com 478 users
#16 westernunion.com 379 users
#17 ups.com 366 users
#18 bestbuy.com 233 users
#19 fedex.com 222 users
#20 salesforce.com 195 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 219,940hits
#2 sso 70,613hits
#3 zoom 29,696hits
#4 github 9,716hits
#5 webmail 7,509hits
#6 adfs 7,253hits
#7 oracle 4,959hits
#8 sap 3,625hits
#9 zendesk 3,441hits
#10 owa 3,380hits
#11 cpanel 2,952hits
#12 webex 2,601hits
#13 vpn 2,583hits
#14 sts 2,495hits
#15 ping 2,456hits
#16 kaspersky 1,700hits
#17 st 1,611hits
#18 ftp 1,455hits
#19 extranet 1,350hits
#20 roundcube 955hits
#21 salesforce 843hits
#22 gitlab 781hits
#23 okta 511hits
#24 twilio 460hits
#25 git 423hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Free Tools Check your exposure