Weekly intelligence, Feb 24 – Mar 3, 2025

Infostealers Weekly Report: 2025-02-24 – 2025-03-03

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

7,872 Compromised Machines
1,678 Compromised Employees
1,528 Compromised Users
4,666 Compromised Androids
111,803 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 142)

  1. India 787
  2. Brazil 539
  3. Indonesia 486
  4. Vietnam 357
  5. Turkey 290
  6. Thailand 283
  7. Pakistan 253
  8. Egypt 240
  9. Philippines 229
  10. Mexico 198
  11. Argentina 191
  12. Colombia 165
  13. Peru 163
  14. Morocco 126
  15. Algeria 103
  16. Bangladesh 102
  17. Sri Lanka 72
  18. South Korea 72
  19. Chile 69
  20. South Africa 68
  21. Taiwan 60
  22. Malaysia 58
  23. Kenya 56
  24. Venezuela 55
  25. Saudi Arabia 52

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

  1. google.com 5,289 users
  2. facebook.com 4,542 users
  3. live.com 3,951 users
  4. com.facebook.katana 2,454 users
  5. instagram.com 2,427 users
  6. netflix.com 2,151 users
  7. discord.com 1,832 users
  8. com.instagram.android 1,717 users
  9. amazon.com 1,634 users
  10. com.netflix.mediaclient 1,552 users
  11. roblox.com 1,510 users
  12. microsoftonline.com 1,389 users
  13. twitter.com 1,326 users
  14. paypal.com 1,239 users
  15. steampowered.com 1,220 users
  16. apple.com 1,211 users
  17. 192.168.1.1 1,149 users
  18. com.pinterest 1,126 users
  19. mega.nz 1,082 users
  20. com.roblox.client 1,081 users
  21. linkedin.com 1,061 users
  22. com.spotify.music 1,033 users
  23. spotify.com 1,021 users
  24. yahoo.com 909 users
  25. com.discord 907 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

  1. hostinger.com 45 employees
  2. icicibank.com 30 employees
  3. rediff.com 21 employees
  4. secop.gov.co 19 employees
  5. buenosaires.gob.ar 14 employees
  6. laureate.net 12 employees
  7. sempreser.com.br 11 employees
  8. digimail.in 11 employees
  9. concentrix.com 11 employees
  10. unionbankonline.co.in 11 employees
  11. mail.tm 11 employees
  12. bobibanking.com 10 employees
  13. utp.edu.pe 10 employees
  14. qq.com 10 employees
  15. indusind.com 10 employees
  16. firstmail.ltd 10 employees
  17. fednetbank.com 9 employees
  18. yandex.com.tr 9 employees
  19. watchit.com 9 employees
  20. icai.org 9 employees
  21. netpnb.com 9 employees
  22. naver.com 9 employees
  23. ig.com.br 9 employees
  24. santander.com.br 8 employees
  25. rockwellautomation.com 8 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 8 employees
  2. ibm.com 3 employees
  3. microsoft.com 3 employees
  4. oracle.com 2 employees
  5. jll.com 2 employees
  6. mckesson.com 2 employees
  7. att.com 1 employee
  8. newmont.com 1 employee
  9. intel.com 1 employee
  10. hp.com 1 employee
  11. amazon.com 1 employee
  12. cbre.com 1 employee
  13. cablevision.com 1 employee

Compromised users

  1. google.com 5,289 users
  2. facebook.com 4,542 users
  3. netflix.com 2,151 users
  4. amazon.com 1,634 users
  5. paypal.com 1,239 users
  6. apple.com 1,211 users
  7. ebay.com 222 users
  8. oracle.com 219 users
  9. microsoft.com 200 users
  10. hp.com 177 users
  11. cisco.com 125 users
  12. nike.com 113 users
  13. ibm.com 78 users
  14. walmart.com 49 users
  15. westernunion.com 37 users
  16. ups.com 27 users
  17. salesforce.com 23 users
  18. fedex.com 21 users
  19. intel.com 21 users
  20. adp.com 18 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20

  1. Facebook (facebook.com · com.facebook.katana) 2,455 users
  2. Instagram (instagram.com · com.instagram.android) 1,718 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 1,552 users
  4. Pinterest (pinterest.com · com.pinterest) 1,126 users
  5. Roblox (roblox.com · com.roblox.client) 1,082 users
  6. Spotify (spotify.com · com.spotify.music) 1,033 users
  7. Discord (discord.com · com.discord) 907 users
  8. Twitter (twitter.com · com.twitter.android) 733 users
  9. Snapchat (snapchat.com · com.snapchat.android) 704 users
  10. Twitch (app.com · tv.twitch.android.app) 638 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 500 users
  12. Zoom (videomeetings.com · us.zoom.videomeetings) 422 users
  13. PayPal (paypal.com · com.paypal.android.p2pmobile) 411 users
  14. Mega (app.com · mega.privacy.android.app) 355 users
  15. Disney (disney.com · com.disney.disneyplus) 331 users
  16. LinkedIn (linkedin.com · com.linkedin.android) 327 users
  17. Mercadolibre (mercadolibre.com · com.mercadolibre) 311 users
  18. Xiaomi (xiaomi.com · com.xiaomi.account) 303 users
  19. Waze (waze.com · com.waze) 232 users
  20. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 203 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25

  1. gmail.com 230,202 users
  2. hotmail.com 25,594 users
  3. yahoo.com 6,674 users
  4. outlook.com 6,462 users
  5. icloud.com 1,220 users
  6. yahoo.com.br 1,019 users
  7. live.com 856 users
  8. yandex.com 793 users
  9. yahoo.co.id 684 users
  10. hotmail.es 528 users
  11. live.com.mx 410 users
  12. mail.com 388 users
  13. ymail.com 386 users
  14. yahoo.fr 333 users
  15. hotmail.fr 313 users
  16. protonmail.com 304 users
  17. yahoo.com.ar 273 users
  18. msn.com 223 users
  19. yahoo.co.uk 203 users
  20. proton.me 197 users
  21. aol.com 189 users
  22. hanmail.net 171 users
  23. gmx.com 171 users
  24. mail.ru 139 users
  25. yahoo.co.in 132 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19

  1. facebook.com 4,532 accounts
  2. twitter.com 1,325 accounts
  3. instagram.com 2,425 accounts
  4. linkedin.com 1,060 accounts
  5. pinterest.com 408 accounts
  6. tiktok.com 477 accounts
  7. snapchat.com 285 accounts
  8. reddit.com 150 accounts
  9. youtube.com 31 accounts
  10. weibo.com 18 accounts
  11. vk.com 207 accounts
  12. telegram.org 22 accounts
  13. tumblr.com 109 accounts
  14. discord.com 1,830 accounts
  15. flickr.com 69 accounts
  16. myspace.com 6 accounts
  17. badoo.com 30 accounts
  18. meetup.com 3 accounts
  19. quora.com 35 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma 6,283 machines
  2. Generic Stealer 1,532 machines
  3. Vidar 40 machines

Anti-virus Coverage

  1. Windows Defender 4,694 machines
  2. Windows Defender [ON] 587 machines
  3. Reason Cybersecurity 328 machines
  4. None 278 machines
  5. Disabled 40 machines
  6. Avast Antivirus 16 machines
  7. ESET Security 15 machines
  8. Quick Heal Total Security 14 machines
  9. Reason Cybersecurity [OFF] 13 machines
  10. Malwarebytes [OFF] 11 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

  1. auth 24,927 hits
  2. sso 6,986 hits
  3. zoom 1,960 hits
  4. github 1,344 hits
  5. webmail 820 hits
  6. oracle 500 hits
  7. adfs 478 hits
  8. zendesk 339 hits
  9. sap 318 hits
  10. cpanel 277 hits
  11. owa 272 hits
  12. vpn 252 hits
  13. sts 251 hits
  14. ping 219 hits
  15. webex 180 hits
  16. roundcube 165 hits
  17. ftp 124 hits
  18. extranet 119 hits
  19. kaspersky 118 hits
  20. okta 91 hits
  21. st 83 hits
  22. salesforce 69 hits
  23. twilio 61 hits
  24. imap 57 hits
  25. gitlab 45 hits
