Weekly intelligence Jan 27 – Feb 3, 2025

Infostealers Weekly Report: 2025-01-27 – 2025-02-03

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 6,682 Compromised Machines
#2 1,293 Compromised Employees
#3 1,888 Compromised Users
#4 3,501 Compromised Androids
#5 75,987 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 139
Infections by country

Top 25 countries

  1. Brazil 483
  2. India 358
  3. United States of America 202
  4. Philippines 200
  5. Indonesia 185
  6. Turkey 162
  7. Argentina 127
  8. Vietnam 113
  9. France 105
  10. Pakistan 104
  11. Germany 100
  12. Mexico 97
  13. Bangladesh 89
  14. Egypt 86
  15. Romania 77
  16. Italy 64
  17. Colombia 64
  18. United Kingdom 59
  19. South Africa 59
  20. Thailand 58
  21. Algeria 57
  22. Poland 57
  23. Morocco 57
  24. Chile 54
  25. Portugal 52

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 4,460 users
  2. facebook.com 3,491 users
  3. live.com 3,384 users
  4. discord.com 2,374 users
  5. roblox.com 2,273 users
  6. instagram.com 2,125 users
  7. netflix.com 1,930 users
  8. com.facebook.katana 1,793 users
  9. steampowered.com 1,651 users
  10. twitch.tv 1,450 users
  11. amazon.com 1,423 users
  12. com.instagram.android 1,354 users
  13. spotify.com 1,348 users
  14. epicgames.com 1,337 users
  15. paypal.com 1,232 users
  16. riotgames.com 1,220 users
  17. com.netflix.mediaclient 1,219 users
  18. twitter.com 1,155 users
  19. com.roblox.client 1,111 users
  20. apple.com 1,107 users
  21. steamcommunity.com 1,102 users
  22. microsoftonline.com 1,023 users
  23. com.discord 938 users
  24. mega.nz 926 users
  25. rockstargames.com 918 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. firstmail.ltd 31 employees
  2. hostinger.com 30 employees
  3. rediff.com 29 employees
  4. icicibank.com 22 employees
  5. 163.com 21 employees
  6. qq.com 15 employees
  7. concentrix.com 14 employees
  8. wp.pl 13 employees
  9. sempreser.com.br 12 employees
  10. naver.com 12 employees
  11. freemail.hu 12 employees
  12. bobibanking.com 10 employees
  13. sep.gob.mx 10 employees
  14. buenosaires.gob.ar 10 employees
  15. telecom.pt 9 employees
  16. abv.bg 9 employees
  17. mail.tm 8 employees
  18. interia.pl 6 employees
  19. sapo.pt 6 employees
  20. rmunify.com 6 employees
  21. undergroundshirts.com 6 employees
  22. santander.com.br 6 employees
  23. o2.pl 6 employees
  24. rskfc.com 6 employees
  25. onlinesbi.com 6 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 3 employees
  2. rockwellautomation.com 2 employees
  3. publix.com 1 employee
  4. simon.com 1 employee
  5. netflix.com 1 employee
  6. xerox.com 1 employee
  7. intel.com 1 employee
  8. ncr.com 1 employee
  9. wrberkley.com 1 employee
  10. oracle.com 1 employee
  11. cisco.com 1 employee
  12. halliburton.com 1 employee

Compromised users

  1. google.com 4,460 users
  2. facebook.com 3,491 users
  3. netflix.com 1,930 users
  4. amazon.com 1,423 users
  5. paypal.com 1,232 users
  6. apple.com 1,107 users
  7. ebay.com 213 users
  8. nike.com 158 users
  9. microsoft.com 151 users
  10. hp.com 150 users
  11. oracle.com 119 users
  12. cisco.com 82 users
  13. walmart.com 57 users
  14. ibm.com 48 users
  15. ups.com 48 users
  16. intel.com 40 users
  17. adp.com 36 users
  18. westernunion.com 32 users
  19. bestbuy.com 32 users
  20. fedex.com 30 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 1,793 users
  2. Instagram (instagram.com · com.instagram.android) 1,354 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 1,219 users
  4. Roblox (roblox.com · com.roblox.client) 1,111 users
  5. Discord (discord.com · com.discord) 938 users
  6. Spotify (spotify.com · com.spotify.music) 894 users
  7. Pinterest (pinterest.com · com.pinterest) 828 users
  8. Twitch (app.com · tv.twitch.android.app) 748 users
  9. Snapchat (snapchat.com · com.snapchat.android) 551 users
  10. Twitter (twitter.com · com.twitter.android) 524 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 416 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 357 users
  13. Disney (disney.com · com.disney.disneyplus) 335 users
  14. Mega (app.com · mega.privacy.android.app) 278 users
  15. Zoom (videomeetings.com · us.zoom.videomeetings) 251 users
  16. Mercadolibre (mercadolibre.com · com.mercadolibre) 235 users
  17. LinkedIn (linkedin.com · com.linkedin.android) 216 users
  18. Xiaomi (xiaomi.com · com.xiaomi.account) 208 users
  19. Waze (waze.com · com.waze) 185 users
  20. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 163 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. gmail.com 185,337 users
  2. hotmail.com 16,975 users
  3. yahoo.com 7,282 users
  4. outlook.com 5,840 users
  5. icloud.com 1,806 users
  6. live.com 654 users
  7. hotmail.fr 447 users
  8. yahoo.com.br 413 users
  9. proton.me 404 users
  10. msn.com 335 users
  11. yahoo.fr 304 users
  12. live.com.ar 229 users
  13. aol.com 226 users
  14. yahoo.com.ar 213 users
  15. yahoo.co.uk 192 users
  16. gmx.de 189 users
  17. libero.it 188 users
  18. yahoo.co.id 179 users
  19. hotmail.es 171 users
  20. web.de 151 users
  21. ymail.com 142 users
  22. email.com 142 users
  23. mail.com 135 users
  24. hanmail.net 130 users
  25. gmx.com 123 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com 3,491 accounts
  2. twitter.com 1,155 accounts
  3. instagram.com 2,125 accounts
  4. linkedin.com 738 accounts
  5. pinterest.com 337 accounts
  6. tiktok.com 499 accounts
  7. snapchat.com 406 accounts
  8. reddit.com 204 accounts
  9. youtube.com 33 accounts
  10. weibo.com 19 accounts
  11. vk.com 234 accounts
  12. telegram.org 19 accounts
  13. tumblr.com 86 accounts
  14. discord.com 2,374 accounts
  15. flickr.com 54 accounts
  16. myspace.com 7 accounts
  17. badoo.com 25 accounts
  18. meetup.com 2 accounts
  19. quora.com 17 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma 4,065 machines
  2. Generic Stealer 2,415 machines
  3. Vidar 202 machines

Anti-virus Coverage

  1. Windows Defender 2,285 machines
  2. Windows Defender [ON] 420 machines
  3. Disabled 202 machines
  4. None 197 machines
  5. Reason Cybersecurity 137 machines
  6. Reason Cybersecurity [OFF] 15 machines
  7. Malwarebytes [OFF] 11 machines
  8. 360 Total Security 8 machines
  9. Avast Antivirus 8 machines
  10. Malwarebytes 7 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 19,875 hits
  2. sso 4,423 hits
  3. zoom 1,247 hits
  4. github 1,060 hits
  5. adfs 476 hits
  6. webmail 396 hits
  7. zendesk 274 hits
  8. sap 264 hits
  9. oracle 238 hits
  10. vpn 184 hits
  11. cpanel 170 hits
  12. extranet 153 hits
  13. owa 135 hits
  14. sts 130 hits
  15. ping 128 hits
  16. kaspersky 127 hits
  17. imap 127 hits
  18. salesforce 92 hits
  19. webex 88 hits
  20. ftp 79 hits
  21. okta 69 hits
  22. st 57 hits
  23. roundcube 44 hits
  24. twilio 36 hits
  25. citrix 34 hits
