Weekly intelligence Nov 13 – Nov 20, 2023

Infostealers Weekly Report: 2023-11-13 – 2023-11-20

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

  1. 66,105 Compromised Machines
  2. 8,033 Compromised Employees
  3. 36,284 Compromised Users
  4. 21,788 Compromised Androids
  5. 145,992 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 175)

  1. Brazil 2,012
  2. Turkey 1,736
  3. Mexico 1,345
  4. Pakistan 1,000
  5. Philippines 955
  6. Colombia 866
  7. Peru 864
  8. Thailand 857
  9. Egypt 746
  10. Algeria 707
  11. Bangladesh 654
  12. Argentina 627
  13. Vietnam 562
  14. Morocco 532
  15. Chile 520
  16. Ecuador 516
  17. Spain 424
  18. Malaysia 385
  19. Iraq 330
  20. Venezuela 323
  21. Sri Lanka 311
  22. Bolivia 306
  23. Nigeria 277
  24. South Africa 268
  25. Dominican Republic 264

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 26,920 users
  2. facebook.com 24,985 users
  3. live.com 23,406 users
  4. instagram.com 11,968 users
  5. com.facebook.katana 11,651 users
  6. netflix.com 11,099 users
  7. discord.com 10,742 users
  8. roblox.com 9,383 users
  9. amazon.com 8,929 users
  10. twitter.com 8,666 users
  11. com.netflix.mediaclient 8,169 users
  12. steampowered.com 8,039 users
  13. com.instagram.android 7,464 users
  14. microsoftonline.com 7,230 users
  15. mega.nz 7,225 users
  16. paypal.com 7,115 users
  17. apple.com 6,344 users
  18. twitch.tv 6,136 users
  19. spotify.com 5,925 users
  20. linkedin.com 5,866 users
  21. riotgames.com 5,846 users
  22. zoom.us 5,237 users
  23. epicgames.com 4,998 users
  24. com.roblox.client 4,863 users
  25. com.discord 4,723 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains at which compromised users were employees, identified through business email addresses and credentials found in the logs.

Top 25
  1. hostinger.com 106 employees
  2. laureate.net 78 employees
  3. secop.gov.co 76 employees
  4. utp.edu.pe 72 employees
  5. jwpub.org 67 employees
  6. qq.com 67 employees
  7. wp.pl 62 employees
  8. rockwellautomation.com 56 employees
  9. aruba.it 51 employees
  10. 163.com 50 employees
  11. bluehost.com 49 employees
  12. banquemisr.com 47 employees
  13. ionos.mx 44 employees
  14. aiou.edu.pk 44 employees
  15. yandex.com.tr 44 employees
  16. pec.it 42 employees
  17. login.sp.gov.br 42 employees
  18. mail.tm 39 employees
  19. secureserver.net 37 employees
  20. uce.edu.ec 36 employees
  21. cibertec.edu.pe 36 employees
  22. pnp.gov.ph 34 employees
  23. ig.com.br 34 employees
  24. abv.bg 33 employees
  25. buenosaires.gob.ar 32 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 56 employees
  2. microsoft.com 15 employees
  3. netflix.com 9 employees
  4. netapp.com 7 employees
  5. cisco.com 7 employees
  6. lear.com 6 employees
  7. amazon.com 6 employees
  8. honeywell.com 4 employees
  9. salesforce.com 4 employees
  10. fedex.com 4 employees
  11. johnsoncontrols.com 4 employees
  12. metlife.com 3 employees
  13. intel.com 2 employees
  14. quantaservices.com 2 employees
  15. micron.com 2 employees
  16. jpmorganchase.com 2 employees
  17. essendant.com 1 employee
  18. ncr.com 1 employee
  19. aa.com 1 employee
  20. costco.com 1 employee

Compromised users

  1. google.com 26,920 users
  2. facebook.com 24,985 users
  3. netflix.com 11,099 users
  4. amazon.com 8,929 users
  5. paypal.com 7,115 users
  6. apple.com 6,344 users
  7. ebay.com 1,357 users
  8. microsoft.com 1,015 users
  9. oracle.com 927 users
  10. cisco.com 845 users
  11. hp.com 832 users
  12. nike.com 744 users
  13. walmart.com 333 users
  14. ibm.com 295 users
  15. westernunion.com 247 users
  16. ups.com 218 users
  17. intel.com 163 users
  18. fedex.com 144 users
  19. salesforce.com 137 users
  20. westerndigital.com 112 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 11,651 users
  2. Netflix (netflix.com · com.netflix.mediaclient) 8,169 users
  3. Instagram (instagram.com · com.instagram.android) 7,464 users
  4. Roblox (roblox.com · com.roblox.client) 4,863 users
  5. Discord (discord.com · com.discord) 4,723 users
  6. Spotify (spotify.com · com.spotify.music) 4,380 users
  7. Twitch (app.com · tv.twitch.android.app) 4,290 users
  8. Twitter (twitter.com · com.twitter.android) 3,345 users
  9. Snapchat (snapchat.com · com.snapchat.android) 2,859 users
  10. Disney (disney.com · com.disney.disneyplus) 2,555 users
  11. Mercadolibre (mercadolibre.com · com.mercadolibre) 2,241 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 2,198 users
  13. Mega (app.com · mega.privacy.android.app) 1,884 users
  14. Wish (contextlogic.com · com.contextlogic.wish) 1,855 users
  15. Zoom (videomeetings.com · us.zoom.videomeetings) 1,755 users
  16. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 1,594 users
  17. LinkedIn (linkedin.com · com.linkedin.android) 1,507 users
  18. Waze (waze.com · com.waze) 1,500 users
  19. Xiaomi (xiaomi.com · com.xiaomi.account) 1,334 users
  20. Pinterest (pinterest.com · com.pinterest) 805 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, Hotmail and other email providers seen across this week's stealer logs.

Top 25
  1. gmail.com 936,551 users
  2. hotmail.com 169,032 users
  3. yahoo.com 37,241 users
  4. outlook.com 30,450 users
  5. icloud.com 6,600 users
  6. live.com 5,481 users
  7. yahoo.com.br 4,857 users
  8. hotmail.es 3,648 users
  9. hotmail.fr 3,310 users
  10. mail.ru 2,773 users
  11. yahoo.fr 2,515 users
  12. msn.com 1,997 users
  13. mail.com 1,665 users
  14. live.com.mx 1,349 users
  15. free.fr 1,335 users
  16. libero.it 1,225 users
  17. yahoo.com.ar 1,038 users
  18. email.com 1,020 users
  19. yandex.com 919 users
  20. protonmail.com 811 users
  21. yandex.ru 788 users
  22. ymail.com 739 users
  23. aol.com 724 users
  24. att.net 682 users
  25. yahoo.com.mx 622 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com 24,985 accounts
  2. twitter.com 8,666 accounts
  3. instagram.com 11,968 accounts
  4. linkedin.com 5,866 accounts
  5. pinterest.com 1,832 accounts
  6. tiktok.com 1,954 accounts
  7. snapchat.com 2,157 accounts
  8. reddit.com 823 accounts
  9. youtube.com 145 accounts
  10. weibo.com 56 accounts
  11. vk.com 1,464 accounts
  12. telegram.org 195 accounts
  13. tumblr.com 692 accounts
  14. discord.com 10,742 accounts
  15. flickr.com 299 accounts
  16. myspace.com 28 accounts
  17. badoo.com 284 accounts
  18. meetup.com 27 accounts
  19. quora.com 135 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. RedLine 64,929 machines
  2. Generic Stealer 1,176 machines

Anti-virus Coverage

  1. Windows Defender 58,940 machines
  2. Avast Antivirus 2,134 machines
  3. Reason Cybersecurity 1,557 machines
  4. 360 Total Security 1,529 machines
  5. McAfee Firewall 988 machines
  6. McAfee VirusScan 666 machines
  7. AVG Antivirus 555 machines
  8. ESET Security 430 machines
  9. VirusScan de McAfee 356 machines
  10. Kaspersky Internet Security 349 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs this week (auth, sso, vpn and similar), indicating which login portals and corporate services appear in the stolen data.

Top 25
  1. auth 98,082 hits
  2. sso 23,736 hits
  3. zoom 11,150 hits
  4. github 4,260 hits
  5. webmail 3,783 hits
  6. adfs 2,938 hits
  7. oracle 1,730 hits
  8. sap 1,640 hits
  9. cpanel 1,630 hits
  10. zendesk 1,618 hits
  11. salesforce 1,593 hits
  12. owa 1,294 hits
  13. vpn 1,071 hits
  14. ping 1,006 hits
  15. extranet 778 hits
  16. ftp 759 hits
  17. kaspersky 707 hits
  18. sts 685 hits
  19. webex 592 hits
  20. okta 537 hits
  21. st 487 hits
  22. roundcube 398 hits
  23. twilio 251 hits
  24. gitlab 216 hits
  25. zimbra 124 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
