Weekly intelligence, Nov 25 – Dec 2, 2024

Infostealers Weekly Report: 2024-11-25 – 2024-12-02

InfoStealers Weekly Report: in this report we provide insight into the most pressing infostealer threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our aim is to equip you with the knowledge and tools needed to safeguard sensitive information. We analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealer statistics.

  1. 5,012 compromised machines
  2. 925 compromised employees
  3. 1,456 compromised users
  4. 2,631 compromised Androids
  5. 60,840 compromised domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 134 countries)

  1. Brazil: 454 machines
  2. India: 334 machines
  3. Vietnam: 287 machines
  4. Indonesia: 235 machines
  5. Philippines: 193 machines
  6. Egypt: 192 machines
  7. United States of America: 126 machines
  8. Thailand: 104 machines
  9. Argentina: 83 machines
  10. Bangladesh: 82 machines
  11. Pakistan: 72 machines
  12. Colombia: 69 machines
  13. Turkey: 65 machines
  14. South Africa: 63 machines
  15. Mexico: 61 machines
  16. Malaysia: 54 machines
  17. Morocco: 51 machines
  18. France: 44 machines
  19. United Kingdom: 41 machines
  20. Kenya: 39 machines
  21. Romania: 36 machines
  22. Poland: 36 machines
  23. Sri Lanka: 35 machines
  24. Italy: 32 machines
  25. Peru: 31 machines

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com: 3,256 users
  2. facebook.com: 2,731 users
  3. live.com: 2,525 users
  4. roblox.com: 1,631 users
  5. discord.com: 1,595 users
  6. instagram.com: 1,516 users
  7. com.facebook.katana: 1,387 users
  8. netflix.com: 1,301 users
  9. steampowered.com: 1,044 users
  10. amazon.com: 1,005 users
  11. com.instagram.android: 973 users
  12. com.netflix.mediaclient: 897 users
  13. paypal.com: 869 users
  14. twitter.com: 859 users
  15. microsoftonline.com: 819 users
  16. com.roblox.client: 808 users
  17. spotify.com: 799 users
  18. riotgames.com: 790 users
  19. twitch.tv: 790 users
  20. apple.com: 768 users
  21. epicgames.com: 740 users
  22. mega.nz: 679 users
  23. com.discord: 659 users
  24. steamcommunity.com: 629 users
  25. com.spotify.music: 601 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. hostinger.com: 22 employees
  2. icicibank.com: 17 employees
  3. firstmail.ltd: 16 employees
  4. deped.gov.ph: 14 employees
  5. ig.com.br: 10 employees
  6. sempreser.com.br: 10 employees
  7. rediff.com: 10 employees
  8. bcb.gov.br: 9 employees
  9. 163.com: 8 employees
  10. icai.org: 7 employees
  11. santander.com.br: 7 employees
  12. wp.pl: 7 employees
  13. sutherlandglobal.com: 6 employees
  14. digimail.in: 6 employees
  15. login.sp.gov.br: 6 employees
  16. concentrix.com: 6 employees
  17. qq.com: 6 employees
  18. mail.tm: 5 employees
  19. kingking2024.com: 5 employees
  20. watchit.com: 5 employees
  21. belajar.id: 5 employees
  22. tracker.co.za: 5 employees
  23. hostgator.com: 5 employees
  24. safervpn.com: 5 employees
  25. pec.it: 5 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. jll.com: 2 employees
  2. rockwellautomation.com: 2 employees
  3. microsoft.com: 1 employee
  4. publix.com: 1 employee
  5. chrobinson.com: 1 employee
  6. westrock.com: 1 employee
  7. hp.com: 1 employee
  8. bms.com: 1 employee
  9. ge.com: 1 employee

Compromised users

  1. google.com: 3,256 users
  2. facebook.com: 2,731 users
  3. netflix.com: 1,301 users
  4. amazon.com: 1,005 users
  5. paypal.com: 869 users
  6. apple.com: 768 users
  7. ebay.com: 134 users
  8. oracle.com: 119 users
  9. hp.com: 109 users
  10. microsoft.com: 87 users
  11. nike.com: 79 users
  12. cisco.com: 66 users
  13. ibm.com: 41 users
  14. intel.com: 27 users
  15. walmart.com: 26 users
  16. westernunion.com: 24 users
  17. ups.com: 17 users
  18. adp.com: 16 users
  19. broadcom.com: 13 users
  20. bestbuy.com: 10 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana): 1,387 users
  2. Instagram (instagram.com · com.instagram.android): 973 users
  3. Netflix (netflix.com · com.netflix.mediaclient): 897 users
  4. Roblox (roblox.com · com.roblox.client): 808 users
  5. Discord (discord.com · com.discord): 659 users
  6. Spotify (spotify.com · com.spotify.music): 601 users
  7. Pinterest (pinterest.com · com.pinterest): 541 users
  8. Twitch (app.com · tv.twitch.android.app): 482 users
  9. Twitter (twitter.com · com.twitter.android): 428 users
  10. Snapchat (snapchat.com · com.snapchat.android): 364 users
  11. PayPal (paypal.com · com.paypal.android.p2pmobile): 264 users
  12. Wish (contextlogic.com · com.contextlogic.wish): 262 users
  13. Zoom (videomeetings.com · us.zoom.videomeetings): 227 users
  14. Mega (app.com · mega.privacy.android.app): 221 users
  15. Mercadolibre (mercadolibre.com · com.mercadolibre): 194 users
  16. Disney (disney.com · com.disney.disneyplus): 181 users
  17. LinkedIn (linkedin.com · com.linkedin.android): 165 users
  18. Xiaomi (xiaomi.com · com.xiaomi.account): 149 users
  19. Alibaba (alibaba.com · com.alibaba.aliexpresshd): 123 users
  20. Waze (waze.com · com.waze): 116 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. gmail.com: 133,997 users
  2. hotmail.com: 13,395 users
  3. yahoo.com: 5,732 users
  4. outlook.com: 3,249 users
  5. icloud.com: 759 users
  6. yahoo.com.br: 608 users
  7. free.fr: 420 users
  8. hotmail.it: 282 users
  9. hotmail.fr: 253 users
  10. ymail.com: 214 users
  11. yahoo.fr: 200 users
  12. alice.it: 197 users
  13. mail.com: 188 users
  14. live.com: 164 users
  15. hotmail.co.uk: 114 users
  16. msn.com: 111 users
  17. yahoo.co.id: 105 users
  18. terra.com.br: 87 users
  19. outlook.com.br: 83 users
  20. protonmail.com: 83 users
  21. hotmail.es: 72 users
  22. libero.it: 67 users
  23. live.fr: 63 users
  24. proton.me: 61 users
  25. tiscali.it: 48 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com: 2,731 accounts
  2. twitter.com: 859 accounts
  3. instagram.com: 1,516 accounts
  4. linkedin.com: 599 accounts
  5. pinterest.com: 241 accounts
  6. tiktok.com: 373 accounts
  7. snapchat.com: 231 accounts
  8. reddit.com: 113 accounts
  9. youtube.com: 10 accounts
  10. weibo.com: 11 accounts
  11. vk.com: 143 accounts
  12. telegram.org: 13 accounts
  13. tumblr.com: 45 accounts
  14. discord.com: 1,595 accounts
  15. flickr.com: 42 accounts
  16. myspace.com: 6 accounts
  17. badoo.com: 22 accounts
  18. meetup.com: 0 accounts
  19. quora.com: 22 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma: 3,339 machines
  2. Generic Stealer: 927 machines
  3. StealC: 745 machines
  4. DarkCrystal: 1 machine

Anti-virus Coverage

  1. Windows Defender: 1,970 machines
  2. Windows Defender [ON]: 477 machines
  3. Reason Cybersecurity: 185 machines
  4. None: 158 machines
  5. Reason Cybersecurity [OFF]: 15 machines
  6. 360 Total Security: 13 machines
  7. ESET Security: 11 machines
  8. Quick Heal Total Security: 7 machines
  9. Microsoft Security Essentials: 6 machines
  10. Malwarebytes: 6 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth: 13,844 hits
  2. sso: 3,599 hits
  3. zoom: 989 hits
  4. github: 774 hits
  5. adfs: 536 hits
  6. webmail: 306 hits
  7. zendesk: 239 hits
  8. oracle: 235 hits
  9. vpn: 149 hits
  10. sts: 132 hits
  11. sap: 128 hits
  12. ping: 123 hits
  13. cpanel: 115 hits
  14. owa: 101 hits
  15. kaspersky: 73 hits
  16. extranet: 54 hits
  17. webex: 52 hits
  18. st: 44 hits
  19. imap: 39 hits
  20. ftp: 35 hits
  21. roundcube: 33 hits
  22. okta: 32 hits
  23. zimbra: 25 hits
  24. salesforce: 23 hits
  25. citrix: 16 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
