Weekly intelligence Feb 3 – Feb 10, 2025

Infostealers Weekly Report: 2025-02-03 – 2025-02-10

In this report we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global spread of infostealer infections for the week, so that you can safeguard sensitive information and stay one step ahead of the threat. All figures below are counts drawn from the stealer logs collected in this period.

Compromised machines: 8,293
Compromised employees: 1,716
Compromised users: 1,728
Compromised Android devices: 4,849
Compromised domains: 108,202

Threat Geography

Where infections came from: compromised machines by country of infection (top 25 of 146 countries).

  1. India 871
  2. Indonesia 535
  3. Brazil 488
  4. Vietnam 407
  5. Egypt 378
  6. Pakistan 310
  7. Thailand 279
  8. Philippines 237
  9. Turkey 232
  10. Argentina 227
  11. Mexico 182
  12. Bangladesh 142
  13. Algeria 140
  14. Colombia 125
  15. Peru 112
  16. South Africa 91
  17. Morocco 85
  18. Sri Lanka 75
  19. Malaysia 70
  20. Chile 68
  21. Kenya 66
  22. Dominican Republic 57
  23. Ethiopia 57
  24. Nigeria 54
  25. Nepal 52

Top Compromised Domains

Where users had active sessions: domains where infected users had active sessions and saved credentials at the time of infection. Android package names (com.facebook.katana, com.instagram.android and so on) appear alongside web domains because app sign-ins from compromised Android devices are counted in the same logs; an entry such as 192.168.1.1 is a saved login for a local router or gateway admin panel, which is worth checking because those default-address devices are rarely covered by password rotation.

Top 25
  1. google.com 5,640 users
  2. facebook.com 4,857 users
  3. live.com 3,998 users
  4. com.facebook.katana 2,686 users
  5. instagram.com 2,556 users
  6. netflix.com 2,069 users
  7. discord.com 1,882 users
  8. com.instagram.android 1,863 users
  9. amazon.com 1,700 users
  10. com.netflix.mediaclient 1,663 users
  11. roblox.com 1,485 users
  12. twitter.com 1,426 users
  13. paypal.com 1,280 users
  14. steampowered.com 1,278 users
  15. apple.com 1,259 users
  16. microsoftonline.com 1,246 users
  17. 192.168.1.1 1,235 users
  18. mega.nz 1,234 users
  19. linkedin.com 1,143 users
  20. t.me 1,115 users
  21. com.pinterest 1,110 users
  22. spotify.com 1,082 users
  23. com.spotify.music 1,048 users
  24. yahoo.com 1,010 users
  25. com.roblox.client 984 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email addresses and the credentials stored with them. Several entries in this list (rediff.com, qq.com, 163.com, mail.tm) are themselves public mail providers, so an address on those domains does not necessarily belong to a staff member; treat such rows as a classification artefact when you count genuine employee exposure.

Top 25
  1. hostinger.com 55 employees
  2. rediff.com 46 employees
  3. icicibank.com 38 employees
  4. qq.com 20 employees
  5. buenosaires.gob.ar 18 employees
  6. bobibanking.com 15 employees
  7. mail.tm 15 employees
  8. watchit.com 13 employees
  9. icai.org 12 employees
  10. digimail.in 11 employees
  11. secureserver.net 11 employees
  12. 163.com 11 employees
  13. aiou.edu.pk 11 employees
  14. firstmail.ltd 10 employees
  15. viettel.com.vn 9 employees
  16. bluehost.com 9 employees
  17. indusind.com 9 employees
  18. santander.com.br 8 employees
  19. hostgator.com 8 employees
  20. deped.gov.ph 8 employees
  21. pnbibanking.in 8 employees
  22. telkomsa.net 7 employees
  23. kemenag.go.id 7 employees
  24. fednetbank.com 7 employees
  25. maychuemail.com 7 employees

Fortune 500 Exposure

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 5 employees
  2. cognizant.com 3 employees
  3. hp.com 3 employees
  4. ncr.com 2 employees
  5. apple.com 2 employees
  6. rockwellautomation.com 2 employees
  7. cvshealth.com 1 employee
  8. jnj.com 1 employee
  9. qualcomm.com 1 employee
  10. fisglobal.com 1 employee
  11. cablevision.com 1 employee
  12. intel.com 1 employee
  13. google.com 1 employee
  14. ppg.com 1 employee
  15. amazon.com 1 employee
  16. ibm.com 1 employee

Compromised users

  1. google.com 5,640 users
  2. facebook.com 4,857 users
  3. netflix.com 2,069 users
  4. amazon.com 1,700 users
  5. paypal.com 1,280 users
  6. apple.com 1,259 users
  7. ebay.com 201 users
  8. hp.com 186 users
  9. oracle.com 177 users
  10. microsoft.com 167 users
  11. nike.com 113 users
  12. cisco.com 111 users
  13. ibm.com 83 users
  14. walmart.com 52 users
  15. westernunion.com 51 users
  16. intel.com 38 users
  17. broadcom.com 26 users
  18. americanexpress.com 22 users
  19. salesforce.com 21 users
  20. fedex.com 20 users

Compromised Mobile Apps

The Android applications most frequently found in infected device caches this week, listed as app (site · package name) and the number of users affected.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 2,686 users
  2. Instagram (instagram.com · com.instagram.android) 1,863 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 1,663 users
  4. Pinterest (pinterest.com · com.pinterest) 1,110 users
  5. Spotify (spotify.com · com.spotify.music) 1,048 users
  6. Roblox (roblox.com · com.roblox.client) 984 users
  7. Discord (discord.com · com.discord) 974 users
  8. Twitter (twitter.com · com.twitter.android) 805 users
  9. Snapchat (snapchat.com · com.snapchat.android) 718 users
  10. Twitch (twitch.tv · tv.twitch.android.app) 629 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 517 users
  12. Zoom (zoom.us · us.zoom.videomeetings) 461 users
  13. PayPal (paypal.com · com.paypal.android.p2pmobile) 427 users
  14. Mega (mega.nz · mega.privacy.android.app) 402 users
  15. LinkedIn (linkedin.com · com.linkedin.android) 337 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 322 users
  17. Disney (disney.com · com.disney.disneyplus) 318 users
  18. Mercadolibre (mercadolibre.com · com.mercadolibre) 302 users
  19. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 205 users
  20. Waze (waze.com · com.waze) 194 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. gmail.com 242,709 users
  2. hotmail.com 23,535 users
  3. yahoo.com 9,970 users
  4. outlook.com 5,686 users
  5. icloud.com 1,255 users
  6. yahoo.com.br 798 users
  7. live.com 592 users
  8. yahoo.co.id 417 users
  9. yahoo.com.sg 352 users
  10. ymail.com 343 users
  11. yahoo.fr 311 users
  12. hotmail.fr 301 users
  13. hotmail.es 286 users
  14. yahoo.co.uk 257 users
  15. yahoo.com.ar 254 users
  16. live.com.mx 245 users
  17. msn.com 198 users
  18. mail.com 188 users
  19. orange.fr 183 users
  20. yandex.com 168 users
  21. hotmail.com.ar 168 users
  22. live.fr 166 users
  23. protonmail.com 138 users
  24. proton.me 136 users
  25. yahoo.co.in 135 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19 (ordered by account count)
  1. facebook.com 4,857 accounts
  2. instagram.com 2,556 accounts
  3. discord.com 1,882 accounts
  4. twitter.com 1,426 accounts
  5. linkedin.com 1,143 accounts
  6. tiktok.com 508 accounts
  7. pinterest.com 445 accounts
  8. snapchat.com 285 accounts
  9. vk.com 216 accounts
  10. reddit.com 167 accounts
  11. tumblr.com 109 accounts
  12. flickr.com 63 accounts
  13. youtube.com 42 accounts
  14. quora.com 34 accounts
  15. badoo.com 28 accounts
  16. weibo.com 26 accounts
  17. telegram.org 26 accounts
  18. myspace.com 6 accounts
  19. meetup.com 5 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts. Lumma alone accounts for roughly 79% of the week's compromised machines (6,546 of 8,293). The anti-virus column is self-reported by the infected host: every product listed was present on a machine that was nonetheless infected, so these counts say nothing about detection efficacy, and the [ON]/[OFF] tags only record whether the host reported the product as enabled at the time of the log.

Stealer Families

  1. Lumma 6,546 machines
  2. Generic Stealer 1,475 machines
  3. StealC 272 machines

Anti-virus Coverage

  1. Windows Defender 5,053 machines
  2. Windows Defender [ON] 760 machines
  3. None 363 machines
  4. Reason Cybersecurity 205 machines
  5. Reason Cybersecurity [OFF] 27 machines
  6. Avira Security 21 machines
  7. ESET Security 18 machines
  8. Avast Antivirus 18 machines
  9. Malwarebytes [OFF] 14 machines
  10. 360 Total Security 13 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 25,923 hits
  2. sso 7,213 hits
  3. zoom 2,041 hits
  4. github 1,280 hits
  5. webmail 836 hits
  6. adfs 515 hits
  7. oracle 396 hits
  8. owa 357 hits
  9. zendesk 329 hits
  10. cpanel 292 hits
  11. sap 289 hits
  12. vpn 268 hits
  13. ping 207 hits
  14. imap 166 hits
  15. sts 164 hits
  16. webex 120 hits
  17. kaspersky 119 hits
  18. extranet 118 hits
  19. roundcube 118 hits
  20. st 98 hits
  21. ftp 78 hits
  22. twilio 73 hits
  23. okta 72 hits
  24. salesforce 67 hits
  25. gitlab 58 hits
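The two classification steps that produce the numbers above, employee-versus-user split from the e-mail domain of a stored credential (the Top Compromised Corporate Domains section) and application-keyword matching on the URLs (this section), can be reproduced over a raw stealer log. The script below is an added example written for this page; it is not Hudson Rock's code and it does not reproduce their classifier. It assumes the three-line URL / USER / PASS layout that several stealer families write to their credentials file, uses the consumer mail providers and keywords listed in this report as its lookup tables, and runs over a constructed sample log whose hosts, accounts and passwords are invented. It also flags two things a responder wants immediately: saved logins to private-address hosts (the 192.168.1.1 row above) and one employee password reused across several corporate hosts.

```python
"""Triage of stealer-log credential records: employee/user split, keyword hits,
private-host logins and corporate password reuse. Example code, not the
report's own tooling; the log layout and all sample values are assumptions."""
import ipaddress
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Consumer webmail providers from the report's "Top Compromised Email Providers"
# list. A credential whose username is an address on one of these is a consumer
# "user"; any other e-mail domain is treated as a corporate "employee" identity.
# (Simplification: the report's own rules for this split are not published.)
CONSUMER_MAIL = {
    "gmail.com", "hotmail.com", "yahoo.com", "outlook.com", "icloud.com",
    "live.com", "ymail.com", "msn.com", "mail.com", "protonmail.com", "proton.me",
}

# Application keywords from the report's "Targeted Application Keywords" list
# (a subset; matched as whole host/path tokens to avoid 'auth' hitting 'author').
APP_KEYWORDS = [
    "auth", "sso", "zoom", "github", "webmail", "adfs", "oracle", "owa",
    "zendesk", "cpanel", "sap", "vpn", "ping", "imap", "sts", "webex",
    "extranet", "roundcube", "ftp", "okta", "salesforce", "gitlab",
]

# Constructed sample log (assumed URL/USER/PASS layout, invented values).
SAMPLE_LOG = """\
URL: https://sso.example-corp.com/adfs/ls/?client-request-id=1
USER: jdoe@example-corp.com
PASS: Winter2025!
URL: https://www.facebook.com/login
USER: someone@gmail.com
PASS: hunter2
URL: http://192.168.1.1/login.html
USER: admin
PASS: admin
URL: https://vpn.example-corp.com/remote/login
USER: jdoe@example-corp.com
PASS: Winter2025!
URL: https://github.com/login
USER: dev@example-corp.com
PASS: correct-horse
"""

RECORD_RE = re.compile(r"^(URL|USER|PASS):\s*(.*)$")


def parse_records(text):
    """Group URL/USER/PASS lines into dicts; a URL line always starts a new record."""
    records, current = [], {}
    for raw in text.splitlines():
        m = RECORD_RE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "url":
            current = {}
        current[key] = value
        if len(current) == 3:
            records.append(current)
            current = {}
    return records


def classify(record):
    """'employee' for a non-consumer e-mail domain, 'user' for consumer webmail,
    'local' when the username is not an e-mail address (e.g. a router admin)."""
    user = record["user"].lower()
    if "@" not in user:
        return "local"
    return "user" if user.rsplit("@", 1)[1] in CONSUMER_MAIL else "employee"


def keyword_hits(record):
    """Report keywords that appear as whole tokens in the URL host or path."""
    parts = urlsplit(record["url"])
    haystack = f"{parts.hostname or ''}/{parts.path}".lower()
    tokens = set(re.split(r"[^a-z0-9]+", haystack))
    return sorted(k for k in APP_KEYWORDS if k in tokens)


def is_private_host(url):
    """True when the URL host is a private (RFC 1918 / ULA) IP address."""
    try:
        return ipaddress.ip_address(urlsplit(url).hostname or "").is_private
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(text):
    """Summarise a log: identity split, keyword tallies, employee domains,
    private-host logins, and employee credentials reused across hosts."""
    identity, keywords, employee_domains = Counter(), Counter(), Counter()
    private_hosts, hosts_by_cred = 0, defaultdict(set)
    for r in parse_records(text):
        kind = classify(r)
        identity[kind] += 1
        keywords.update(keyword_hits(r))
        private_hosts += is_private_host(r["url"])
        if kind == "employee":
            user = r["user"].lower()
            employee_domains[user.rsplit("@", 1)[1]] += 1
            hosts_by_cred[(user, r["pass"])].add(urlsplit(r["url"]).hostname or "")
    reused = sorted((user, sorted(hosts)) for (user, _pw), hosts in hosts_by_cred.items()
                    if len(hosts) > 1)
    return {"by_identity": dict(identity), "keywords": dict(keywords),
            "employee_domains": dict(employee_domains),
            "private_hosts": private_hosts, "reused_credentials": reused}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Whole-token matching is deliberate: substring matching is what makes generic keywords like "st" and "sts" noisy, and it is also why a hit on "auth" should be read as "an authentication endpoint was in the log", not as a confirmed SSO compromise until you look at the host. Swap SAMPLE_LOG for a real Passwords.txt export and the employee_domains and reused_credentials outputs are the rows to escalate first.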

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
