Infostealers Weekly Report: 2019-11-18 – 2019-11-24
InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 Vietnam 91
- #2 Pakistan 7
- #3 Venezuela 6
- #4 Spain 5
- #5 Germany 4
- #6 Brazil 4
- #7 India 4
- #8 United States of America 3
- #9 Ghana 3
- #10 Belgium 3
- #11 Thailand 3
- #12 Nigeria 2
- #13 South Africa 2
- #14 Philippines 2
- #15 Indonesia 2
- #16 Egypt 2
- #17 Mayotte 1
- #18 Algeria 1
- #19 United Arab Emirates 1
- #20 Mauritius 1
- #21 Argentina 1
- #22 Kenya 1
- #23 Cambodia 1
- #24 Georgia 1
- #25 Bhutan 1
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 112 users
-
#2
facebook.com 106 users
-
#3
live.com 33 users
-
#4
paypal.com 25 users
-
#5
twitter.com 20 users
-
#6
apple.com 17 users
-
#7
roblox.com 17 users
-
#8
netflix.com 16 users
-
#9
epicgames.com 14 users
-
#10
mega.nz 13 users
-
#11
discordapp.com 13 users
-
#12
shopee.vn 12 users
-
#13
amazon.com 12 users
-
#14
steampowered.com 11 users
-
#15
steamcommunity.com 11 users
-
#16
com.facebook.katana 11 users
-
#17
zing.vn 10 users
-
#18
twitch.tv 10 users
-
#19
violet.vn 10 users
-
#20
minecraft.net 9 users
-
#21
com.netflix.mediaclient 8 users
-
#22
192.168.1.1 8 users
-
#23
yahoo.com 8 users
-
#24
violympic.vn 8 users
-
#25
dropbox.com 8 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
quangtri.gov.vn 2 employees
-
#2
ffmoto.net 1 employees
-
#3
festivaldemuriae.com.br 1 employees
-
#4
agcocorp.com 1 employees
-
#5
rediff.com 1 employees
-
#6
uni5.net 1 employees
-
#7
upm.es 1 employees
-
#8
pakvision.pk 1 employees
-
#9
fuochdistribuidora.com.br 1 employees
-
#10
gemseducation.com 1 employees
-
#11
leelatours.co.in 1 employees
-
#12
ucam.edu 1 employees
-
#13
bsnl.in 1 employees
-
#14
bpost.be 1 employees
-
#15
ftp://hoanh.biz/ 1 employees
-
#16
provincedeliege.be 1 employees
-
#17
icicibank.com 1 employees
-
#18
premierrealty.vn 1 employees
-
#19
ojk.go.id 1 employees
-
#20
estacio.br 1 employees
-
#21
vozdaparoquia.com.br 1 employees
-
#22
lider104fm.com.br 1 employees
-
#23
gplogistics.vn 1 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
ebay.com 2 users
-
#8
hp.com 2 users
-
#9
oracle.com 1 users
-
#10
westernunion.com 1 users
-
#11
bankofamerica.com 1 users
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 137hits
- #2 sso 42hits
- #3 webmail 14hits
- #4 github 9hits
- #5 adfs 6hits
- #6 imap 5hits
- #7 zoom 3hits
- #8 zendesk 3hits
- #9 webex 2hits
- #10 sts 2hits
- #11 dana-na 1hits
- #12 ping 1hits
- #13 twilio 1hits
- #14 extranet 1hits
- #15 oracle 1hits
- #16 vpn 1hits
- #17 ftp 1hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-06-08 – 2026-06-15
- 9K machines
- 2K users
- 125K domains
Infostealers Weekly Report: 2026-06-01 – 2026-06-08
- 16K machines
- 2K users
- 273K domains
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains