Weekly intelligence · Feb 23 – Mar 2, 2026

Infostealers Weekly Report: 2026-02-23 – 2026-03-02

InfoStealers Weekly Report: this report provides insight into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of infostealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and infostealer statistics.

5,957 Compromised Machines
982 Compromised Employees
1,702 Compromised Users
3,273 Compromised Androids
92,127 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 158
Infections by country

Top 25 countries

  1. India: 894
  2. Brazil: 327
  3. United States of America: 272
  4. Pakistan: 242
  5. Vietnam: 200
  6. Philippines: 140
  7. Indonesia: 139
  8. Bangladesh: 104
  9. South Africa: 103
  10. Mexico: 71
  11. Egypt: 70
  12. Argentina: 69
  13. Sri Lanka: 61
  14. Kenya: 59
  15. Turkey: 51
  16. Colombia: 49
  17. Algeria: 45
  18. Morocco: 45
  19. Italy: 45
  20. France: 44
  21. Venezuela: 38
  22. South Korea: 36
  23. Peru: 36
  24. Malaysia: 36
  25. Chile: 35

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 3,769 users
  2. facebook.com 2,872 users
  3. live.com 2,314 users
  4. com.facebook.katana 1,736 users
  5. instagram.com 1,662 users
  6. com.instagram.android 1,303 users
  7. netflix.com 1,242 users
  8. amazon.com 1,186 users
  9. apple.com 1,135 users
  10. discord.com 1,114 users
  11. paypal.com 1,014 users
  12. com.netflix.mediaclient 963 users
  13. roblox.com 884 users
  14. steampowered.com 815 users
  15. 192.168.1.1 789 users
  16. twitter.com 783 users
  17. mega.nz 758 users
  18. unlocktoolpro.com 752 users
  19. microsoftonline.com 750 users
  20. linkedin.com 688 users
  21. com.roblox.client 677 users
  22. 192.168.0.1 651 users
  23. com.snapchat.android 642 users
  24. openai.com 636 users
  25. unlocktool.net 636 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. hostinger.com 32 employees
  2. icicibank.com 32 employees
  3. rediff.com 23 employees
  4. netpnb.com 21 employees
  5. firstmail.ltd 16 employees
  6. bobibanking.com 15 employees
  7. pnbibanking.in 12 employees
  8. unionbankonline.co.in 12 employees
  9. fednetbank.com 12 employees
  10. indiapost.gov.in 10 employees
  11. icai.org 10 employees
  12. mail.tm 10 employees
  13. secureserver.net 10 employees
  14. deped.gov.ph 10 employees
  15. wp.pl 9 employees
  16. sts.net.pk 9 employees
  17. bank.in 9 employees
  18. digimail.in 8 employees
  19. aruba.it 8 employees
  20. freemail.hu 8 employees
  21. cubixhost.site 7 employees
  22. hust.edu.vn 7 employees
  23. ecp.gov.pk 7 employees
  24. lunarmc.in 7 employees
  25. webmail.co.za 7 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. cbre.com 2 employees
  2. amazon.com 2 employees
  3. att.com 2 employees
  4. microsoft.com 2 employees
  5. aa.com 1 employee
  6. jpmorganchase.com 1 employee
  7. harman.com 1 employee
  8. bestbuy.com 1 employee
  9. mckesson.com 1 employee
  10. csc.com 1 employee
  11. centurylink.com 1 employee
  12. facebook.com 1 employee

Compromised users

  1. google.com 3,769 users
  2. facebook.com 2,872 users
  3. netflix.com 1,242 users
  4. amazon.com 1,186 users
  5. apple.com 1,135 users
  6. paypal.com 1,014 users
  7. hp.com 201 users
  8. ebay.com 164 users
  9. oracle.com 129 users
  10. microsoft.com 110 users
  11. nike.com 92 users
  12. walmart.com 91 users
  13. cisco.com 78 users
  14. ibm.com 56 users
  15. ups.com 52 users
  16. intel.com 47 users
  17. fedex.com 47 users
  18. capitalone.com 45 users
  19. adp.com 45 users
  20. target.com 44 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 1,736 users
  2. Instagram (instagram.com · com.instagram.android) 1,303 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 963 users
  4. Roblox (roblox.com · com.roblox.client) 677 users
  5. Snapchat (snapchat.com · com.snapchat.android) 642 users
  6. Pinterest (pinterest.com · com.pinterest) 626 users
  7. Discord (discord.com · com.discord) 612 users
  8. Spotify (spotify.com · com.spotify.music) 590 users
  9. Twitter (twitter.com · com.twitter.android) 480 users
  10. Wish (contextlogic.com · com.contextlogic.wish) 331 users
  11. Twitch (app.com · tv.twitch.android.app) 324 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 311 users
  13. Mega (app.com · mega.privacy.android.app) 271 users
  14. Zoom (videomeetings.com · us.zoom.videomeetings) 269 users
  15. Xiaomi (xiaomi.com · com.xiaomi.account) 267 users
  16. LinkedIn (linkedin.com · com.linkedin.android) 228 users
  17. Disney (disney.com · com.disney.disneyplus) 172 users
  18. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 145 users
  19. Waze (waze.com · com.waze) 123 users
  20. Mercadolibre (mercadolibre.com · com.mercadolibre) 113 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, Hotmail, and beyond: providers seen across this week's stealer logs.

Top 25
  1. gmail.com 176,896 users
  2. hotmail.com 12,366 users
  3. yahoo.com 5,622 users
  4. outlook.com 4,692 users
  5. icloud.com 1,378 users
  6. msn.com 1,257 users
  7. mail.ru 1,170 users
  8. live.com 667 users
  9. pm.me 634 users
  10. yahoo.com.br 480 users
  11. aol.com 473 users
  12. live.com.ar 430 users
  13. yandex.ru 391 users
  14. proton.me 388 users
  15. yahoo.fr 303 users
  16. yahoo.co.id 264 users
  17. hotmail.fr 261 users
  18. gmx.fr 215 users
  19. wanadoo.fr 207 users
  20. live.it 207 users
  21. googlemail.com 193 users
  22. free.fr 191 users
  23. yahoo.com.ar 166 users
  24. yahoo.co.in 160 users
  25. mail.com 153 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com 2,872 accounts
  2. twitter.com 783 accounts
  3. instagram.com 1,662 accounts
  4. linkedin.com 688 accounts
  5. pinterest.com 306 accounts
  6. tiktok.com 425 accounts
  7. snapchat.com 342 accounts
  8. reddit.com 114 accounts
  9. youtube.com 22 accounts
  10. weibo.com 1 account
  11. vk.com 136 accounts
  12. telegram.org 42 accounts
  13. tumblr.com 62 accounts
  14. discord.com 1,114 accounts
  15. flickr.com 25 accounts
  16. myspace.com 20 accounts
  17. badoo.com 29 accounts
  18. meetup.com 5 accounts
  19. quora.com 19 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Generic Stealer 2,235 machines
  2. Acreed 2,107 machines
  3. Lumma 1,183 machines
  4. Vidar 432 machines

Anti-virus Coverage

  1. Windows Defender 2,818 machines
  2. No anti-virus installed 506 machines
  3. McAfee 1 machine

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 20,904 hits
  2. sso 5,122 hits
  3. zoom 996 hits
  4. github 944 hits
  5. webmail 521 hits
  6. adfs 395 hits
  7. zendesk 309 hits
  8. sap 269 hits
  9. oracle 244 hits
  10. vpn 239 hits
  11. owa 220 hits
  12. cpanel 159 hits
  13. st 110 hits
  14. ping 108 hits
  15. ssh 97 hits
  16. kaspersky 96 hits
  17. sts 87 hits
  18. ftp 79 hits
  19. extranet 74 hits
  20. roundcube 62 hits
  21. okta 61 hits
  22. webex 58 hits
  23. twilio 47 hits
  24. gitlab 47 hits
  25. salesforce 41 hits
