Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Jul 7 – Jul 14, 2025 13 min read

Infostealers Weekly Report: 2025-07-07 – 2025-07-14

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 22,515 Compromised Machines
#2 8,142 Compromised Employees
#3 3,527 Compromised Users
#4 10,846 Compromised Androids
#5 224,434 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 174
Infections by country

Top 25 countries

  1. #1 India 1,517
  2. #2 Brazil 1,210
  3. #3 United States of America 970
  4. #4 France 723
  5. #5 Spain 698
  6. #6 Poland 537
  7. #7 Japan 453
  8. #8 Indonesia 386
  9. #9 Pakistan 384
  10. #10 Vietnam 363
  11. #11 Philippines 322
  12. #12 Argentina 285
  13. #13 Mexico 236
  14. #14 Turkey 215
  15. #15 Bangladesh 192
  16. #16 South Africa 185
  17. #17 Egypt 182
  18. #18 Kenya 139
  19. #19 Romania 133
  20. #20 Morocco 131
  21. #21 Colombia 119
  22. #22 Germany 119
  23. #23 Thailand 118
  24. #24 Peru 105
  25. #25 Algeria 98

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 16,262 users
  2. #2 facebook.com 12,097 users
  3. #3 live.com 9,243 users
  4. #4 instagram.com 7,320 users
  5. #5 netflix.com 7,315 users
  6. #6 microsoftonline.com 5,879 users
  7. #7 discord.com 5,725 users
  8. #8 com.facebook.katana 5,577 users
  9. #9 amazon.com 4,980 users
  10. #10 com.instagram.android 4,486 users
  11. #11 roblox.com 4,431 users
  12. #12 twitter.com 4,426 users
  13. #13 linkedin.com 4,135 users
  14. #14 paypal.com 4,079 users
  15. #15 steampowered.com 4,008 users
  16. #16 com.netflix.mediaclient 3,944 users
  17. #17 spotify.com 3,925 users
  18. #18 zoom.us 3,796 users
  19. #19 apple.com 3,684 users
  20. #20 twitch.tv 3,503 users
  21. #21 epicgames.com 3,010 users
  22. #22 github.com 2,963 users
  23. #23 com.pinterest 2,956 users
  24. #24 slack.com 2,929 users
  25. #25 com.spotify.music 2,927 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 hostinger.com 125 employees
  2. #2 firstmail.ltd 92 employees
  3. #3 rediff.com 83 employees
  4. #4 icicibank.com 76 employees
  5. #5 onet.pl 65 employees
  6. #6 office365.com 52 employees
  7. #7 wp.pl 38 employees
  8. #8 aruba.it 37 employees
  9. #9 bharatnet.internal 32 employees
  10. #10 buenosaires.gob.ar 29 employees
  11. #11 office.com 28 employees
  12. #12 telecom.pt 26 employees
  13. #13 company.local 25 employees
  14. #14 alxswe.com 25 employees
  15. #15 bobibanking.com 24 employees
  16. #16 mail.tm 24 employees
  17. #17 163.com 23 employees
  18. #18 tim.it 23 employees
  19. #19 sempreser.com.br 22 employees
  20. #20 deped.gov.ph 22 employees
  21. #21 secop.gov.co 22 employees
  22. #22 sts.net.pk 21 employees
  23. #23 santander.com.br 20 employees
  24. #24 ibertech.intern 20 employees
  25. #25 microsoft.com 19 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 microsoft.com 19 employees
  2. #2 oracle.com 5 employees
  3. #3 ibm.com 5 employees
  4. #4 netflix.com 5 employees
  5. #5 cognizant.com 5 employees
  6. #6 publix.com 5 employees
  7. #7 hp.com 4 employees
  8. #8 amazon.com 4 employees
  9. #9 ford.com 3 employees
  10. #10 halliburton.com 2 employees
  11. #11 google.com 2 employees
  12. #12 gm.com 2 employees
  13. #13 paypal.com 2 employees
  14. #14 nov.com 1 employees
  15. #15 nike.com 1 employees
  16. #16 ge.com 1 employees
  17. #17 officedepot.com 1 employees
  18. #18 jll.com 1 employees
  19. #19 cisco.com 1 employees
  20. #20 jpmorganchase.com 1 employees

Compromised users

  1. #1 google.com 16,262 users
  2. #2 facebook.com 12,097 users
  3. #3 netflix.com 7,315 users
  4. #4 amazon.com 4,980 users
  5. #5 paypal.com 4,079 users
  6. #6 apple.com 3,684 users
  7. #7 ebay.com 656 users
  8. #8 salesforce.com 650 users
  9. #9 microsoft.com 584 users
  10. #10 nike.com 565 users
  11. #11 oracle.com 561 users
  12. #12 hp.com 526 users
  13. #13 cisco.com 328 users
  14. #14 walmart.com 248 users
  15. #15 ibm.com 188 users
  16. #16 ups.com 170 users
  17. #17 wellsfargo.com 143 users
  18. #18 bankofamerica.com 134 users
  19. #19 bestbuy.com 129 users
  20. #20 westernunion.com 121 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
#1

Facebook

facebook.com · com.facebook.katana

5,577 users

#2

Instagram

instagram.com · com.instagram.android

4,486 users

#3

Netflix

netflix.com · com.netflix.mediaclient

3,944 users

#4

Pinterest

pinterest.com · com.pinterest

2,956 users

#5

Spotify

spotify.com · com.spotify.music

2,927 users

#6

Discord

discord.com · com.discord

2,843 users

#7

Roblox

roblox.com · com.roblox.client

2,765 users

#8

Twitch

app.com · tv.twitch.android.app

2,106 users

#9

Snapchat

snapchat.com · com.snapchat.android

1,854 users

#10

Twitter

twitter.com · com.twitter.android

1,822 users

#11

Wish

contextlogic.com · com.contextlogic.wish

1,453 users

#12

PayPal

paypal.com · com.paypal.android.p2pmobile

1,251 users

#13

Disney

disney.com · com.disney.disneyplus

903 users

#14

Zoom

videomeetings.com · us.zoom.videomeetings

894 users

#15

LinkedIn

linkedin.com · com.linkedin.android

859 users

#16

Mega

app.com · mega.privacy.android.app

856 users

#17

Xiaomi

xiaomi.com · com.xiaomi.account

719 users

#18

Mercadolibre

mercadolibre.com · com.mercadolibre

689 users

#19

Alibaba

alibaba.com · com.alibaba.aliexpresshd

554 users

#20

Waze

waze.com · com.waze

542 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. #1 gmail.com 675,126 users
  2. #2 hotmail.com 58,803 users
  3. #3 yahoo.com 29,403 users
  4. #4 outlook.com 16,834 users
  5. #5 icloud.com 5,107 users
  6. #6 live.com 3,287 users
  7. #7 hotmail.fr 2,183 users
  8. #8 yahoo.fr 2,170 users
  9. #9 libero.it 1,605 users
  10. #10 aol.com 1,364 users
  11. #11 yahoo.com.br 1,338 users
  12. #12 hotmail.it 1,331 users
  13. #13 msn.com 1,320 users
  14. #14 hotmail.de 1,318 users
  15. #15 ymail.com 1,203 users
  16. #16 web.de 986 users
  17. #17 orange.fr 921 users
  18. #18 free.fr 892 users
  19. #19 live.fr 848 users
  20. #20 proton.me 809 users
  21. #21 gmx.de 808 users
  22. #22 hotmail.es 740 users
  23. #23 mail.com 732 users
  24. #24 mail.ru 660 users
  25. #25 googlemail.com 580 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. #1 facebook.com 12,097 accounts
  2. #2 twitter.com 4,426 accounts
  3. #3 instagram.com 7,320 accounts
  4. #4 linkedin.com 4,139 accounts
  5. #5 pinterest.com 951 accounts
  6. #6 tiktok.com 1,563 accounts
  7. #7 snapchat.com 1,136 accounts
  8. #8 reddit.com 646 accounts
  9. #9 youtube.com 99 accounts
  10. #10 weibo.com 36 accounts
  11. #11 vk.com 596 accounts
  12. #12 telegram.org 37 accounts
  13. #13 tumblr.com 299 accounts
  14. #14 discord.com 5,725 accounts
  15. #15 flickr.com 177 accounts
  16. #16 myspace.com 36 accounts
  17. #17 badoo.com 96 accounts
  18. #18 meetup.com 24 accounts
  19. #19 quora.com 92 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. #1 Lumma 13,614machines
  2. #2 Generic Stealer 8,901machines

Anti-virus Coverage

  1. #1 Windows Defender 8,401machines
  2. #2 Windows Defender [ON] 570machines
  3. #3 None 524machines
  4. #4 Reason Cybersecurity 348machines
  5. #5 Bkav Pro Internet Security 29machines
  6. #6 Kaspersky 21machines
  7. #7 Malwarebytes [OFF] 17machines
  8. #8 ESET Security 17machines
  9. #9 Norton Security Ultra 12machines
  10. #10 Panda Dome [OFF] 10machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 67,180hits
  2. #2 sso 16,955hits
  3. #3 zoom 6,468hits
  4. #4 github 4,631hits
  5. #5 vpn 3,325hits
  6. #6 webmail 2,373hits
  7. #7 adfs 1,654hits
  8. #8 oracle 1,151hits
  9. #9 zendesk 1,057hits
  10. #10 jira 974hits
  11. #11 sap 937hits
  12. #12 salesforce 867hits
  13. #13 cpanel 694hits
  14. #14 ping 667hits
  15. #15 sts 564hits
  16. #16 owa 555hits
  17. #17 imap 539hits
  18. #18 gitlab 411hits
  19. #19 extranet 342hits
  20. #20 kaspersky 341hits
  21. #21 roundcube 321hits
  22. #22 ftp 299hits
  23. #23 webex 294hits
  24. #24 okta 256hits
  25. #25 git 252hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

  • 16K machines
  • 2K users
  • 273K domains
View report →
May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

  • 18K machines
  • 4K users
  • 259K domains
View report →
May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

  • 14K machines
  • 4K users
  • 187K domains
View report →
Free Tools Check your exposure