Weekly intelligence Aug 12 – Aug 19, 2024

Infostealers Weekly Report: 2024-08-12 – 2024-08-19

Infostealers Weekly Report. In this report we provide insight into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. We analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of infostealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and infostealer statistics.

73,064 Compromised Machines
14,837 Compromised Employees
22,835 Compromised Users
35,392 Compromised Androids
497,542 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 209)

  1. India 5,868
  2. Indonesia 5,273
  3. Brazil 4,655
  4. Thailand 4,249
  5. Egypt 3,806
  6. Pakistan 2,996
  7. Turkey 2,607
  8. Mexico 2,516
  9. Vietnam 2,115
  10. Argentina 2,083
  11. Philippines 1,927
  12. Colombia 1,889
  13. Peru 1,534
  14. Spain 1,306
  15. Algeria 1,138
  16. Chile 985
  17. Morocco 893
  18. South Korea 876
  19. Bangladesh 865
  20. Taiwan 865
  21. Saudi Arabia 761
  22. Ecuador 717
  23. Poland 712
  24. Iraq 646
  25. United States of America 632

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

  1. google.com 45,992 users
  2. facebook.com 39,298 users
  3. live.com 36,492 users
  4. instagram.com 20,750 users
  5. com.facebook.katana 19,044 users
  6. netflix.com 18,614 users
  7. discord.com 17,249 users
  8. amazon.com 14,726 users
  9. twitter.com 13,503 users
  10. steampowered.com 13,449 users
  11. com.instagram.android 13,267 users
  12. roblox.com 13,047 users
  13. com.netflix.mediaclient 12,696 users
  14. microsoftonline.com 12,544 users
  15. paypal.com 11,452 users
  16. apple.com 10,429 users
  17. linkedin.com 10,380 users
  18. spotify.com 10,224 users
  19. 192.168.1.1 9,534 users
  20. mega.nz 9,508 users
  21. riotgames.com 9,366 users
  22. twitch.tv 9,307 users
  23. epicgames.com 8,788 users
  24. zoom.us 7,994 users
  25. com.discord 7,980 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

  1. hostinger.com 229 employees
  2. icicibank.com 191 employees
  3. rediff.com 149 employees
  4. watchit.com 145 employees
  5. buenosaires.gob.ar 135 employees
  6. wp.pl 124 employees
  7. secop.gov.co 110 employees
  8. 163.com 110 employees
  9. banquemisr.com 94 employees
  10. qq.com 84 employees
  11. firstmail.ltd 80 employees
  12. bni.co.id 73 employees
  13. naver.com 68 employees
  14. netpnb.com 67 employees
  15. jwpub.org 66 employees
  16. secureserver.net 65 employees
  17. unionbankonline.co.in 60 employees
  18. laureate.net 60 employees
  19. deped.gov.ph 58 employees
  20. mail.tm 58 employees
  21. bluehost.com 56 employees
  22. sempreser.com.br 55 employees
  23. inacap.cl 55 employees
  24. icai.org 55 employees
  25. bobibanking.com 54 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 48 employees
  2. rockwellautomation.com 42 employees
  3. ibm.com 9 employees
  4. apple.com 8 employees
  5. hp.com 5 employees
  6. xerox.com 4 employees
  7. honeywell.com 4 employees
  8. amazon.com 4 employees
  9. intel.com 4 employees
  10. pg.com 4 employees
  11. oracle.com 4 employees
  12. jll.com 4 employees
  13. netflix.com 4 employees
  14. google.com 4 employees
  15. facebook.com 3 employees
  16. jnj.com 3 employees
  17. ford.com 3 employees
  18. paypal.com 3 employees
  19. cisco.com 3 employees
  20. salesforce.com 2 employees

Compromised users

  1. google.com 45,992 users
  2. facebook.com 39,298 users
  3. netflix.com 18,614 users
  4. amazon.com 14,726 users
  5. paypal.com 11,452 users
  6. apple.com 10,429 users
  7. ebay.com 2,047 users
  8. hp.com 1,679 users
  9. oracle.com 1,611 users
  10. microsoft.com 1,515 users
  11. nike.com 1,350 users
  12. cisco.com 1,255 users
  13. ibm.com 607 users
  14. walmart.com 458 users
  15. westernunion.com 357 users
  16. ups.com 353 users
  17. intel.com 294 users
  18. fedex.com 255 users
  19. salesforce.com 228 users
  20. adp.com 188 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20

  1. Facebook (facebook.com · com.facebook.katana) 19,044 users
  2. Instagram (instagram.com · com.instagram.android) 13,267 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 12,696 users
  4. Discord (discord.com · com.discord) 7,980 users
  5. Roblox (roblox.com · com.roblox.client) 7,409 users
  6. Spotify (spotify.com · com.spotify.music) 6,389 users
  7. Twitch (app.com · tv.twitch.android.app) 6,289 users
  8. Twitter (twitter.com · com.twitter.android) 5,901 users
  9. Snapchat (snapchat.com · com.snapchat.android) 5,444 users
  10. Disney (disney.com · com.disney.disneyplus) 3,267 users
  11. Zoom (videomeetings.com · us.zoom.videomeetings) 3,229 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 3,170 users
  13. LinkedIn (linkedin.com · com.linkedin.android) 2,788 users
  14. Mega (app.com · mega.privacy.android.app) 2,695 users
  15. Mercadolibre (mercadolibre.com · com.mercadolibre) 2,560 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 2,280 users
  17. Wish (contextlogic.com · com.contextlogic.wish) 2,188 users
  18. Waze (waze.com · com.waze) 1,869 users
  19. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 1,830 users
  20. Pinterest (pinterest.com · com.pinterest) 1,420 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25

  1. gmail.com 1,677,187 users
  2. hotmail.com 236,044 users
  3. yahoo.com 66,720 users
  4. outlook.com 43,794 users
  5. icloud.com 10,474 users
  6. live.com 7,060 users
  7. yahoo.fr 4,726 users
  8. yahoo.com.br 3,980 users
  9. msn.com 3,877 users
  10. hotmail.fr 3,600 users
  11. hotmail.es 3,406 users
  12. yahoo.co.id 3,404 users
  13. yahoo.com.ar 2,949 users
  14. ymail.com 2,418 users
  15. mail.com 2,306 users
  16. web.de 1,802 users
  17. mail.ru 1,757 users
  18. orange.fr 1,727 users
  19. hotmail.co.uk 1,528 users
  20. yahoo.co.jp 1,403 users
  21. me.com 1,355 users
  22. live.fr 1,265 users
  23. protonmail.com 1,248 users
  24. gmx.de 1,192 users
  25. aol.com 1,185 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19

  1. facebook.com 39,298 accounts
  2. twitter.com 13,503 accounts
  3. instagram.com 20,751 accounts
  4. linkedin.com 10,382 accounts
  5. pinterest.com 3,467 accounts
  6. tiktok.com 3,977 accounts
  7. snapchat.com 3,889 accounts
  8. reddit.com 1,437 accounts
  9. youtube.com 193 accounts
  10. weibo.com 170 accounts
  11. vk.com 2,024 accounts
  12. telegram.org 461 accounts
  13. tumblr.com 1,097 accounts
  14. discord.com 17,249 accounts
  15. flickr.com 577 accounts
  16. myspace.com 72 accounts
  17. badoo.com 410 accounts
  18. meetup.com 50 accounts
  19. quora.com 245 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. StealC 63,726 machines
  2. RedLine 9,103 machines
  3. Generic Stealer 176 machines
  4. Lumma 59 machines

Anti-virus Coverage

  1. Windows Defender 8,534 machines
  2. Reason Cybersecurity 832 machines
  3. Avast Antivirus 378 machines
  4. 360 Total Security 325 machines
  5. McAfee 176 machines
  6. McAfee Firewall 117 machines
  7. McAfee VirusScan 94 machines
  8. AVG Antivirus 90 machines
  9. Kaspersky 87 machines
  10. Kaspersky Internet Security 66 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

  1. auth 187,330 hits
  2. sso 53,216 hits
  3. zoom 17,917 hits
  4. github 9,041 hits
  5. webmail 5,744 hits
  6. adfs 5,133 hits
  7. oracle 3,316 hits
  8. sap 2,708 hits
  9. owa 2,588 hits
  10. zendesk 2,540 hits
  11. ping 2,054 hits
  12. sts 1,919 hits
  13. cpanel 1,824 hits
  14. vpn 1,733 hits
  15. webex 1,442 hits
  16. kaspersky 1,319 hits
  17. extranet 1,030 hits
  18. roundcube 1,021 hits
  19. st 906 hits
  20. ftp 885 hits
  21. salesforce 797 hits
  22. okta 651 hits
  23. gitlab 440 hits
  24. twilio 379 hits
  25. citrix 273 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
