Weekly intelligence, Sep 9 – Sep 16, 2024

Infostealers Weekly Report: 2024-09-09 – 2024-09-16

InfoStealers Weekly Report. In this report we provide insight into the most pressing infostealer-driven threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Below we analyze the top compromised domains, identify trends among compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and infostealer statistics.

Weekly totals:
  - 13,696 Compromised Machines
  - 2,762 Compromised Employees
  - 4,233 Compromised Users
  - 6,701 Compromised Androids
  - 110,976 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 169 countries)

  1. Brazil 584 machines
  2. Pakistan 486 machines
  3. Egypt 406 machines
  4. Thailand 405 machines
  5. India 390 machines
  6. Turkey 358 machines
  7. Mexico 345 machines
  8. Colombia 308 machines
  9. Argentina 288 machines
  10. Philippines 273 machines
  11. Peru 265 machines
  12. Indonesia 261 machines
  13. Bangladesh 209 machines
  14. Venezuela 188 machines
  15. Spain 178 machines
  16. Vietnam 177 machines
  17. Algeria 162 machines
  18. Iran 160 machines
  19. Chile 149 machines
  20. Morocco 120 machines
  21. South Korea 117 machines
  22. Ecuador 110 machines
  23. Bolivia 92 machines
  24. Iraq 89 machines
  25. Nigeria 77 machines

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

  1. google.com 8,617 users
  2. facebook.com 7,443 users
  3. live.com 6,714 users
  4. instagram.com 3,619 users
  5. com.facebook.katana 3,603 users
  6. netflix.com 3,197 users
  7. discord.com 3,047 users
  8. amazon.com 2,542 users
  9. steampowered.com 2,389 users
  10. twitter.com 2,342 users
  11. roblox.com 2,330 users
  12. com.instagram.android 2,324 users
  13. com.netflix.mediaclient 2,251 users
  14. microsoftonline.com 2,123 users
  15. mega.nz 2,077 users
  16. paypal.com 2,026 users
  17. 192.168.1.1 1,935 users
  18. apple.com 1,880 users
  19. linkedin.com 1,853 users
  20. spotify.com 1,660 users
  21. twitch.tv 1,545 users
  22. epicgames.com 1,525 users
  23. zoom.us 1,460 users
  24. com.roblox.client 1,435 users
  25. riotgames.com 1,416 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, identified via business email addresses and corporate credentials found in the logs.

Top 25

  1. hostinger.com 71 employees
  2. laureate.net 31 employees
  3. secop.gov.co 31 employees
  4. rediff.com 26 employees
  5. tim.it 21 employees
  6. utp.edu.pe 20 employees
  7. sat.gob.mx 20 employees
  8. icicibank.com 20 employees
  9. abv.bg 19 employees
  10. jwpub.org 19 employees
  11. rockwellautomation.com 19 employees
  12. wp.pl 18 employees
  13. watchit.com 16 employees
  14. stou.ac.th 16 employees
  15. microsoft.com 16 employees
  16. aruba.it 16 employees
  17. kakao.com 15 employees
  18. buenosaires.gob.ar 15 employees
  19. 163.com 15 employees
  20. upc.edu.pe 14 employees
  21. naver.com 14 employees
  22. alxswe.com 14 employees
  23. unionbankonline.co.in 14 employees
  24. secureserver.net 13 employees
  25. sempreser.com.br 13 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 19 employees
  2. microsoft.com 16 employees
  3. qualcomm.com 4 employees
  4. cisco.com 3 employees
  5. lear.com 2 employees
  6. hp.com 2 employees
  7. google.com 2 employees
  8. amazon.com 2 employees
  9. sandisk.com 2 employees
  10. oracle.com 1 employee
  11. xerox.com 1 employee
  12. ibm.com 1 employee
  13. facebook.com 1 employee
  14. apple.com 1 employee

Compromised users

  1. google.com 8,617 users
  2. facebook.com 7,443 users
  3. netflix.com 3,197 users
  4. amazon.com 2,542 users
  5. paypal.com 2,026 users
  6. apple.com 1,880 users
  7. hp.com 320 users
  8. ebay.com 318 users
  9. oracle.com 318 users
  10. microsoft.com 317 users
  11. cisco.com 273 users
  12. nike.com 170 users
  13. ibm.com 108 users
  14. westernunion.com 81 users
  15. intel.com 49 users
  16. walmart.com 46 users
  17. fedex.com 43 users
  18. ups.com 38 users
  19. salesforce.com 33 users
  20. westerndigital.com 31 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20 (app name, associated domain · Android package, users)

  1. Facebook (facebook.com · com.facebook.katana) 3,603 users
  2. Instagram (instagram.com · com.instagram.android) 2,324 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 2,251 users
  4. Roblox (roblox.com · com.roblox.client) 1,435 users
  5. Discord (discord.com · com.discord) 1,313 users
  6. Spotify (spotify.com · com.spotify.music) 1,113 users
  7. Twitch (app.com · tv.twitch.android.app) 1,112 users
  8. Twitter (twitter.com · com.twitter.android) 942 users
  9. Snapchat (snapchat.com · com.snapchat.android) 919 users
  10. Disney (disney.com · com.disney.disneyplus) 657 users
  11. PayPal (paypal.com · com.paypal.android.p2pmobile) 580 users
  12. Zoom (videomeetings.com · us.zoom.videomeetings) 580 users
  13. Mega (app.com · mega.privacy.android.app) 571 users
  14. Mercadolibre (mercadolibre.com · com.mercadolibre) 514 users
  15. LinkedIn (linkedin.com · com.linkedin.android) 513 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 499 users
  17. Wish (contextlogic.com · com.contextlogic.wish) 468 users
  18. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 400 users
  19. Waze (waze.com · com.waze) 326 users
  20. Pinterest (pinterest.com · com.pinterest) 252 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25

  1. gmail.com 305,597 users
  2. hotmail.com 43,857 users
  3. yahoo.com 12,217 users
  4. outlook.com 8,577 users
  5. icloud.com 1,835 users
  6. yahoo.fr 1,191 users
  7. live.com 1,160 users
  8. yahoo.com.br 872 users
  9. laposte.net 804 users
  10. hotmail.es 682 users
  11. orange.fr 582 users
  12. msn.com 533 users
  13. gmx.de 440 users
  14. hotmail.fr 433 users
  15. yahoo.de 415 users
  16. yahoo.com.ar 414 users
  17. mail.ru 414 users
  18. libero.it 369 users
  19. aol.com 342 users
  20. googlemail.com 321 users
  21. mail.com 312 users
  22. yahoo.it 311 users
  23. live.com.mx 266 users
  24. live.fr 262 users
  25. yahoo.com.mx 251 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19

  1. facebook.com 7,443 accounts
  2. twitter.com 2,342 accounts
  3. instagram.com 3,619 accounts
  4. linkedin.com 1,856 accounts
  5. pinterest.com 605 accounts
  6. tiktok.com 664 accounts
  7. snapchat.com 566 accounts
  8. reddit.com 218 accounts
  9. youtube.com 57 accounts
  10. weibo.com 21 accounts
  11. vk.com 360 accounts
  12. telegram.org 107 accounts
  13. tumblr.com 141 accounts
  14. discord.com 3,047 accounts
  15. flickr.com 99 accounts
  16. myspace.com 10 accounts
  17. badoo.com 141 accounts
  18. meetup.com 8 accounts
  19. quora.com 30 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. RedLine 8,948 machines
  2. StealC 3,428 machines
  3. Generic Stealer 925 machines
  4. Vidar 390 machines
  5. Atomic 3 machines
  6. Lumma 2 machines

Anti-virus Coverage

  1. Windows Defender 9,220 machines
  2. Avast Antivirus 391 machines
  3. Reason Cybersecurity 306 machines
  4. 360 Total Security 304 machines
  5. McAfee 144 machines
  6. McAfee Firewall 105 machines
  7. Kaspersky 90 machines
  8. McAfee VirusScan 73 machines
  9. Kaspersky Internet Security 65 machines
  10. AVG Antivirus 63 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords found in the URLs of stolen credentials this week (auth, sso, vpn, and more), counted as hits across the credential logs.

Top 25

  1. auth 36,481 hits
  2. sso 14,814 hits
  3. zoom 3,862 hits
  4. github 1,699 hits
  5. webmail 1,168 hits
  6. adfs 800 hits
  7. oracle 667 hits
  8. extranet 590 hits
  9. zendesk 476 hits
  10. ping 442 hits
  11. owa 405 hits
  12. vpn 371 hits
  13. sts 328 hits
  14. cpanel 316 hits
  15. sap 290 hits
  16. kaspersky 281 hits
  17. webex 249 hits
  18. st 247 hits
  19. ftp 207 hits
  20. salesforce 175 hits
  21. roundcube 172 hits
  22. imap 126 hits
  23. okta 105 hits
  24. twilio 96 hits
  25. gitlab 71 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
