Infostealers Weekly Report: 2024-08-05 – 2024-08-12
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 India 562
- #2 Brazil 558
- #3 Pakistan 427
- #4 Turkey 410
- #5 Indonesia 308
- #6 Mexico 275
- #7 Argentina 269
- #8 Colombia 266
- #9 Thailand 253
- #10 Philippines 232
- #11 Peru 221
- #12 Vietnam 208
- #13 Bangladesh 178
- #14 Egypt 174
- #15 United States of America 149
- #16 Taiwan 142
- #17 Spain 141
- #18 Algeria 141
- #19 Poland 124
- #20 Venezuela 124
- #21 South Korea 122
- #22 Romania 114
- #23 Iraq 112
- #24 Chile 110
- #25 Morocco 108
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 9,322 users
- #2 facebook.com 7,667 users
- #3 live.com 7,606 users
- #4 discord.com 5,123 users
- #5 instagram.com 4,353 users
- #6 roblox.com 4,351 users
- #7 netflix.com 3,911 users
- #8 com.facebook.katana 3,760 users
- #9 steampowered.com 3,704 users
- #10 amazon.com 3,098 users
- #11 twitch.tv 2,968 users
- #12 riotgames.com 2,831 users
- #13 twitter.com 2,746 users
- #14 com.instagram.android 2,729 users
- #15 paypal.com 2,723 users
- #16 epicgames.com 2,682 users
- #17 spotify.com 2,614 users
- #18 com.netflix.mediaclient 2,583 users
- #19 steamcommunity.com 2,534 users
- #20 apple.com 2,352 users
- #21 microsoftonline.com 2,234 users
- #22 com.roblox.client 2,162 users
- #23 mega.nz 2,117 users
- #24 com.discord 2,063 users
- #25 rockstargames.com 1,939 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 firstmail.ltd 68 employees
- #2 163.com 46 employees
- #3 wp.pl 44 employees
- #4 hostinger.com 43 employees
- #5 qq.com 34 employees
- #6 freemail.hu 27 employees
- #7 abv.bg 23 employees
- #8 rediff.com 22 employees
- #9 icicibank.com 21 employees
- #10 o2.pl 20 employees
- #11 interia.pl 19 employees
- #12 naver.com 19 employees
- #13 laureate.net 19 employees
- #14 yandex.com.tr 17 employees
- #15 secureserver.net 17 employees
- #16 zsthost.com 16 employees
- #17 onet.pl 15 employees
- #18 secop.gov.co 15 employees
- #19 papassgame.com 15 employees
- #20 mail.tm 14 employees
- #21 buenosaires.gob.ar 14 employees
- #22 sts.net.pk 13 employees
- #23 watchit.com 13 employees
- #24 seznam.cz 13 employees
- #25 santander.com.br 12 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 rockwellautomation.com 6 employees
- #2 netflix.com 4 employees
- #3 microsoft.com 4 employees
- #4 publix.com 3 employees
- #5 cognizant.com 3 employees
- #6 jbhunt.com 2 employees
- #7 salesforce.com 2 employees
- #8 gm.com 2 employees
- #9 facebook.com 1 employee
- #10 allstate.com 1 employee
- #11 ge.com 1 employee
- #12 google.com 1 employee
- #13 genworth.com 1 employee
- #14 aa.com 1 employee
- #15 oracle.com 1 employee
Compromised users
- #1 google.com 9,322 users
- #2 facebook.com 7,667 users
- #3 netflix.com 3,911 users
- #4 amazon.com 3,098 users
- #5 paypal.com 2,723 users
- #6 apple.com 2,352 users
- #7 ebay.com 339 users
- #8 nike.com 335 users
- #9 oracle.com 319 users
- #10 hp.com 264 users
- #11 microsoft.com 252 users
- #12 cisco.com 199 users
- #13 walmart.com 141 users
- #14 intel.com 99 users
- #15 ups.com 94 users
- #16 ibm.com 94 users
- #17 westernunion.com 84 users
- #18 bestbuy.com 80 users
- #19 target.com 65 users
- #20 fedex.com 56 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
- [app name missing] 3,760 users
- [app name missing] 2,729 users
- Netflix 2,583 users
- Roblox 2,162 users
- Discord 2,063 users
- Twitch 1,729 users
- Spotify 1,600 users
- Snapchat 1,230 users
- [app name missing] 1,147 users
- [app name missing] 981 users
- PayPal 759 users
- Wish 678 users
- Disney 664 users
- Mega 602 users
- Zoom 497 users
- Mercadolibre 449 users
- Xiaomi 422 users
- [app name missing] 398 users
- Waze 349 users
- Alibaba 323 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, Hotmail, and beyond — providers seen across this week's stealer logs.
- #1 gmail.com 372,369 users
- #2 hotmail.com 39,923 users
- #3 yahoo.com 13,909 users
- #4 outlook.com 10,275 users
- #5 icloud.com 3,610 users
- #6 live.com 1,573 users
- #7 hotmail.fr 1,082 users
- #8 msn.com 1,017 users
- #9 mail.ru 895 users
- #10 web.de 868 users
- #11 hotmail.es 674 users
- #12 gmx.de 649 users
- #13 yahoo.fr 611 users
- #14 aol.com 596 users
- #15 free.fr 490 users
- #16 yahoo.com.br 490 users
- #17 protonmail.com 367 users
- #18 ymail.com 359 users
- #19 hotmail.co.uk 330 users
- #20 yandex.com 303 users
- #21 email.com 288 users
- #22 yahoo.de 281 users
- #23 yahoo.co.id 267 users
- #24 mail.com 263 users
- #25 yahoo.com.ar 259 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 Generic Stealer 5,084 machines
- #2 Vidar 4,046 machines
- #3 RedLine 3,926 machines
- #4 Lumma 1,336 machines
- #5 DarkCrystal 4 machines
Anti-virus Coverage
- #1 Windows Defender 7,553 machines
- #2 Reason Cybersecurity 768 machines
- #3 Unknown 594 machines
- #4 Avast Antivirus 170 machines
- #5 360 Total Security 154 machines
- #6 McAfee 83 machines
- #7 Windows Defender [ON] 72 machines
- #8 McAfee Firewall 52 machines
- #9 AVG Antivirus 52 machines
- #10 ESET Security 50 machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 39,538 hits
- #2 sso 9,673 hits
- #3 zoom 2,780 hits
- #4 github 2,273 hits
- #5 webmail 1,111 hits
- #6 adfs 1,057 hits
- #7 oracle 635 hits
- #8 zendesk 546 hits
- #9 cpanel 506 hits
- #10 sap 490 hits
- #11 vpn 469 hits
- #12 sts 374 hits
- #13 ping 327 hits
- #14 owa 299 hits
- #15 kaspersky 259 hits
- #16 st 226 hits
- #17 roundcube 206 hits
- #18 ftp 180 hits
- #19 webex 148 hits
- #20 okta 140 hits
- #21 extranet 133 hits
- #22 salesforce 131 hits
- #23 imap 113 hits
- #24 twilio 108 hits
- #25 gitlab 51 hits
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.