Weekly intelligence, Dec 9 – Dec 16, 2024

Infostealers Weekly Report: 2024-12-09 – 2024-12-16

In this report we summarize the most pressing infostealer-driven threats facing organizations this week. As cyberattacks continue to grow in complexity and scale, our aim is to give you the knowledge needed to safeguard sensitive information. We analyze the top compromised domains, identify trends among compromised employees and users, and examine the global impact of infostealer infections. Stay informed and stay one step ahead of cyber threats with our weekly report and infostealer statistics.

  1. 12,123 compromised machines
  2. 1,333 compromised employees
  3. 6,588 compromised users
  4. 4,202 compromised Android devices
  5. 81,232 compromised domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 151 countries)

  1. Brazil 681
  2. Vietnam 453
  3. Indonesia 408
  4. India 395
  5. Philippines 356
  6. United States of America 346
  7. Thailand 224
  8. Argentina 167
  9. Turkey 122
  10. Malaysia 120
  11. Bangladesh 119
  12. Poland 118
  13. Egypt 116
  14. Germany 107
  15. France 99
  16. Peru 96
  17. Italy 91
  18. Australia 88
  19. Romania 87
  20. Colombia 75
  21. Morocco 71
  22. South Korea 68
  23. Pakistan 68
  24. United Kingdom 65
  25. Mexico 62

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25 domains

  1. google.com 9,477 users
  2. facebook.com 4,023 users
  3. live.com 3,942 users
  4. roblox.com 3,565 users
  5. discord.com 3,346 users
  6. instagram.com 2,492 users
  7. steampowered.com 2,090 users
  8. netflix.com 2,083 users
  9. com.facebook.katana 2,042 users
  10. twitch.tv 1,727 users
  11. riotgames.com 1,695 users
  12. com.roblox.client 1,692 users
  13. epicgames.com 1,610 users
  14. spotify.com 1,505 users
  15. amazon.com 1,494 users
  16. com.instagram.android 1,386 users
  17. com.netflix.mediaclient 1,350 users
  18. steamcommunity.com 1,349 users
  19. com.discord 1,333 users
  20. paypal.com 1,273 users
  21. microsoftonline.com 1,256 users
  22. twitter.com 1,242 users
  23. apple.com 1,148 users
  24. tlauncher.org 1,128 users
  25. com.spotify.music 1,008 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25 corporate domains

  1. firstmail.ltd 54 employees
  2. wp.pl 25 employees
  3. icicibank.com 21 employees
  4. hostinger.com 21 employees
  5. rediff.com 18 employees
  6. mail.tm 15 employees
  7. 163.com 14 employees
  8. buenosaires.gob.ar 14 employees
  9. det.nsw.edu.au 14 employees
  10. qq.com 13 employees
  11. naver.com 13 employees
  12. sempreser.com.br 13 employees
  13. bcb.gov.br 12 employees
  14. aruba.it 11 employees
  15. seznam.cz 11 employees
  16. ulife.com.br 11 employees
  17. santander.com.br 10 employees
  18. bobibanking.com 9 employees
  19. abv.bg 8 employees
  20. smkn1rongga.sch.id 8 employees
  21. alxswe.com 8 employees
  22. uol.com.br 8 employees
  23. zsthost.com 8 employees
  24. tim.it 8 employees
  25. secureserver.net 8 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 2 employees
  2. rockwellautomation.com 2 employees
  3. pepsico.com 1 employee
  4. ups.com 1 employee
  5. apple.com 1 employee
  6. amazon.com 1 employee
  7. csc.com 1 employee
  8. publix.com 1 employee
  9. jacobs.com 1 employee
  10. conocophillips.com 1 employee
  11. twc.com 1 employee
  12. att.com 1 employee
  13. cognizant.com 1 employee
  14. google.com 1 employee
  15. oracle.com 1 employee

Compromised users

  1. google.com 9,477 users
  2. facebook.com 4,023 users
  3. netflix.com 2,083 users
  4. amazon.com 1,494 users
  5. paypal.com 1,273 users
  6. apple.com 1,148 users
  7. nike.com 183 users
  8. microsoft.com 146 users
  9. ebay.com 139 users
  10. hp.com 133 users
  11. oracle.com 121 users
  12. cisco.com 72 users
  13. walmart.com 53 users
  14. ibm.com 46 users
  15. intel.com 37 users
  16. fedex.com 31 users
  17. adp.com 30 users
  18. ups.com 28 users
  19. bestbuy.com 28 users
  20. target.com 25 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20 apps (app name, associated domain · Android package, users)

  1. Facebook (facebook.com · com.facebook.katana) 2,042 users
  2. Roblox (roblox.com · com.roblox.client) 1,692 users
  3. Instagram (instagram.com · com.instagram.android) 1,386 users
  4. Netflix (netflix.com · com.netflix.mediaclient) 1,350 users
  5. Discord (discord.com · com.discord) 1,333 users
  6. Spotify (spotify.com · com.spotify.music) 1,008 users
  7. Pinterest (pinterest.com · com.pinterest) 948 users
  8. Twitch (app.com · tv.twitch.android.app) 903 users
  9. Snapchat (snapchat.com · com.snapchat.android) 591 users
  10. Twitter (twitter.com · com.twitter.android) 567 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 436 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 404 users
  13. Disney (disney.com · com.disney.disneyplus) 344 users
  14. Mega (app.com · mega.privacy.android.app) 310 users
  15. Zoom (videomeetings.com · us.zoom.videomeetings) 286 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 238 users
  17. Mercadolibre (mercadolibre.com · com.mercadolibre) 233 users
  18. Waze (waze.com · com.waze) 197 users
  19. LinkedIn (linkedin.com · com.linkedin.android) 185 users
  20. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 139 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25 email providers

  1. gmail.com 211,897 users
  2. hotmail.com 16,970 users
  3. yahoo.com 6,632 users
  4. outlook.com 5,152 users
  5. icloud.com 2,100 users
  6. live.com 755 users
  7. gmx.de 626 users
  8. hotmail.fr 593 users
  9. libero.it 423 users
  10. yahoo.com.br 331 users
  11. ymail.com 326 users
  12. hotmail.it 317 users
  13. web.de 237 users
  14. alice.it 220 users
  15. yahoo.fr 197 users
  16. hotmail.be 193 users
  17. yahoo.co.id 191 users
  18. aol.com 188 users
  19. protonmail.com 177 users
  20. mail.com 159 users
  21. proton.me 153 users
  22. googlemail.com 147 users
  23. tiscali.it 123 users
  24. rocketmail.com 121 users
  25. yahoo.co.jp 118 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19 social platforms

  1. facebook.com 4,023 accounts
  2. twitter.com 1,242 accounts
  3. instagram.com 2,492 accounts
  4. linkedin.com 629 accounts
  5. pinterest.com 345 accounts
  6. tiktok.com 671 accounts
  7. snapchat.com 509 accounts
  8. reddit.com 193 accounts
  9. youtube.com 56 accounts
  10. weibo.com 6 accounts
  11. vk.com 244 accounts
  12. telegram.org 16 accounts
  13. tumblr.com 92 accounts
  14. discord.com 3,346 accounts
  15. flickr.com 50 accounts
  16. myspace.com 7 accounts
  17. badoo.com 16 accounts
  18. meetup.com 1 account
  19. quora.com 21 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma 6,422 machines
  2. Generic Stealer 5,098 machines
  3. StealC 501 machines
  4. Vidar 101 machines
  5. DarkCrystal 1 machine

Anti-virus Coverage

  1. Windows Defender 3,879 machines
  2. Windows Defender [ON] 740 machines
  3. Reason Cybersecurity 333 machines
  4. None 229 machines
  5. Disabled 101 machines
  6. Reason Cybersecurity [OFF] 45 machines
  7. ESET Security 19 machines
  8. Norton Security Ultra 16 machines
  9. 360 Total Security 13 machines
  10. Malwarebytes [OFF] 12 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen in the URLs of credentials across this week's stealer logs (auth, sso, vpn, and others), counted as hits.

Top 25 keywords

  1. auth 22,036 hits
  2. sso 6,536 hits
  3. zoom 1,438 hits
  4. github 1,203 hits
  5. adfs 1,094 hits
  6. webmail 589 hits
  7. zendesk 287 hits
  8. oracle 269 hits
  9. imap 248 hits
  10. sts 212 hits
  11. owa 199 hits
  12. sap 186 hits
  13. ping 186 hits
  14. vpn 164 hits
  15. cpanel 152 hits
  16. webex 114 hits
  17. okta 80 hits
  18. extranet 78 hits
  19. roundcube 75 hits
  20. st 67 hits
  21. kaspersky 56 hits
  22. salesforce 49 hits
  23. twilio 38 hits
  24. ftp 37 hits
  25. gitlab 34 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
