Weekly intelligence, Apr 6 – Apr 12, 2020

Infostealers Weekly Report: 2020-04-06 – 2020-04-12

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

Headline counters for the week: compromised machines, compromised employees, compromised users, compromised Android devices, compromised domains (the counter values were not captured in this copy of the page).

Threat Geography

Where infections came from

Compromised machines by country of infection. Infections were observed in 153 countries; the 25 most affected are listed below.

  1. United States of America 1,901 machines
  2. Turkey 1,377 machines
  3. Pakistan 1,019 machines
  4. India 946 machines
  5. Spain 712 machines
  6. Indonesia 684 machines
  7. Brazil 612 machines
  8. Germany 511 machines
  9. France 415 machines
  10. Vietnam 400 machines
  11. Thailand 394 machines
  12. Italy 335 machines
  13. Romania 248 machines
  14. Philippines 245 machines
  15. Morocco 242 machines
  16. Malaysia 241 machines
  17. Egypt 235 machines
  18. United Kingdom 193 machines
  19. Algeria 189 machines
  20. Canada 166 machines
  21. Bangladesh 164 machines
  22. Poland 147 machines
  23. Australia 130 machines
  24. Serbia 124 machines
  25. Sri Lanka 120 machines

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection. Entries in reverse-DNS form (com.facebook.katana, com.netflix.mediaclient, com.spotify.music) are Android application package names harvested from infected mobile devices and are counted alongside web domains.

Top 25
  1. google.com 10,977 users
  2. facebook.com 8,081 users
  3. live.com 6,252 users
  4. twitter.com 3,117 users
  5. netflix.com 3,055 users
  6. amazon.com 2,791 users
  7. paypal.com 2,604 users
  8. instagram.com 2,558 users
  9. discordapp.com 2,253 users
  10. roblox.com 2,204 users
  11. mega.nz 2,110 users
  12. twitch.tv 2,041 users
  13. yahoo.com 2,028 users
  14. com.facebook.katana 1,998 users
  15. epicgames.com 1,973 users
  16. steampowered.com 1,927 users
  17. steamcommunity.com 1,723 users
  18. apple.com 1,666 users
  19. linkedin.com 1,615 users
  20. minecraft.net 1,545 users
  21. (domain not captured) 1,424 users
  22. spotify.com 1,327 users
  23. com.netflix.mediaclient 1,322 users
  24. dropbox.com 1,303 users
  25. com.spotify.music 1,287 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, inferred from business e-mail addresses and credentials found in the logs. Because the attribution keys on the e-mail domain, webmail and hosting providers (yandex.com.tr, freemail.hu, rediff.com, interia.pl, o2.pl, onet.pl, sapo.pt, mail.de, aruba.it, bluehost.com, secureserver.net, ovh.net) appear beside genuine employers; those rows mostly reflect customer accounts at the provider rather than the provider's own staff.

Top 25
  1. icicibank.com 40 employees
  2. aruba.it 36 employees
  3. yandex.com.tr 36 employees
  4. telecom.pt 34 employees
  5. tim.it 32 employees
  6. publix.com 27 employees
  7. pec.it 26 employees
  8. freemail.hu 23 employees
  9. rediff.com 23 employees
  10. (domain not captured) 23 employees
  11. interia.pl 19 employees
  12. ig.com.br 17 employees
  13. o2.pl 17 employees
  14. onet.pl 16 employees
  15. confused.com 15 employees
  16. bluehost.com 15 employees
  17. sapo.pt 15 employees
  18. secureserver.net 14 employees
  19. http://localhost/wordpress/wp-admin/install.php 13 employees (a saved-credential URL for a local WordPress install that leaked into the domain field, not a corporate domain)
  20. k12.fl.us 13 employees
  21. anadolu.edu.tr 12 employees
  22. maccabi4u.co.il 11 employees
  23. browardschools.com 11 employees
  24. ovh.net 11 employees
  25. mail.de 11 employees

Fortune 500 Exposure

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. publix.com 26 employees
  2. microsoft.com 10 employees
  3. twc.com 5 employees
  4. rockwellautomation.com 5 employees
  5. cognizant.com 4 employees
  6. att.com 3 employees
  7. hp.com 3 employees
  8. bestbuy.com 3 employees
  9. amazon.com 2 employees
  10. johnsoncontrols.com 2 employees
  11. ppg.com 2 employees
  12. netapp.com 2 employees
  13. jacobs.com 2 employees
  14. pg.com 1 employee
  15. parker.com 1 employee
  16. weyerhaeuser.com 1 employee
  17. abbott.com 1 employee
  18. harman.com 1 employee
  19. chs.net 1 employee
  20. ups.com 1 employee

Compromised users

  1. google.com 10,974 users
  2. facebook.com 8,076 users
  3. netflix.com 3,054 users
  4. amazon.com 2,791 users
  5. paypal.com 2,604 users
  6. apple.com 1,666 users
  7. ebay.com 943 users
  8. walmart.com 401 users
  9. oracle.com 230 users
  10. ups.com 228 users
  11. att.com 215 users
  12. capitalone.com 210 users
  13. target.com 198 users
  14. adp.com 182 users
  15. hp.com 170 users
  16. bestbuy.com 165 users
  17. wellsfargo.com 158 users
  18. fedex.com 147 users
  19. bankofamerica.com 136 users
  20. nike.com 124 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen in the URLs of captured credential logs; tokens such as auth, sso and vpn single out enterprise logins among the consumer accounts. Several are URL path fragments rather than product names: owa is Outlook Web App, adfs and sts are Microsoft federation and Security Token Service endpoints, cpanel is the hosting control panel, and dana-na is the login path of Pulse Connect Secure (formerly Juniper) SSL VPNs.

Top 25
  1. auth 22,732 hits
  2. sso 7,278 hits
  3. adfs 1,838 hits
  4. webmail 1,471 hits
  5. zoom 1,194 hits
  6. github 756 hits
  7. oracle 722 hits
  8. owa 704 hits
  9. sap 531 hits
  10. sts 503 hits
  11. zendesk 485 hits
  12. ftp 370 hits
  13. cpanel 356 hits
  14. ping 326 hits
  15. st 313 hits
  16. vpn 258 hits
  17. imap 256 hits
  18. kaspersky 224 hits
  19. extranet 203 hits
  20. webex 154 hits
  21. zimbra 144 hits
  22. salesforce 133 hits
  23. okta 125 hits
  24. citrix 118 hits
  25. dana-na 93 hits
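The two tables above, corporate domains inferred from e-mail addresses and application keywords grepped from URLs, are the kind of triage a defender can run on a stealer log they obtain themselves. The following Python is an added example, not code from the report or its vendor. It assumes the common "URL / USER / PASS" triple layout of a stealer Passwords.txt; the log text, the example-corp.com organisation, its users and the freemail list are all constructed for illustration.

```python
# Added example (not part of the report): triage of a single infostealer log
# in the common "URL / USER / PASS" triple layout found in stealer
# Passwords.txt dumps. The log text, domains and users below are constructed.
import hashlib
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Application keywords tracked in the report; matched as whole host/path tokens.
APP_KEYWORDS = [
    "auth", "sso", "adfs", "webmail", "zoom", "github", "oracle", "owa", "sap",
    "sts", "zendesk", "ftp", "cpanel", "ping", "vpn", "imap", "kaspersky",
    "extranet", "webex", "zimbra", "salesforce", "okta", "citrix", "dana-na",
]

# Consumer mail providers (assumed, not exhaustive): a username at one of these
# says nothing about the victim's employer.
FREEMAIL = {
    "gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "live.com",
    "yandex.com.tr", "freemail.hu", "rediff.com", "interia.pl", "o2.pl",
    "onet.pl", "sapo.pt", "mail.de",
}

# Constructed sample log; example-corp.com is a placeholder organisation.
SAMPLE_LOG = """\
URL: https://adfs.example-corp.com/adfs/ls/?wa=wsignin1.0
USER: j.doe@example-corp.com
PASS: Winter2020!

URL: https://vpn.example-corp.com/dana-na/auth/url_default/welcome.cgi
USER: jdoe
PASS: Winter2020!

URL: https://accounts.google.com/signin/v2/identifier
USER: jdoe.personal@gmail.com
PASS: hunter2

URL: https://mail.example-corp.com/owa/auth/logon.aspx
USER: a.smith@example-corp.com
PASS: P@ssw0rd

URL: https://www.roblox.com/login
USER: kid_gamer
PASS: roblox123
"""

ENTRY_RE = re.compile(
    r"URL:[ \t]*(?P<url>\S+)\s+USER:[ \t]*(?P<user>\S*)\s+PASS:[ \t]*(?P<pw>[^\n]*)"
)


def parse_entries(text):
    """Split a log into {url, user, pw} records."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def keyword_hits(url):
    """Tracked keywords occurring as whole tokens in the URL's host or path.
    Token matching avoids the substring noise that turns 'authors' into 'auth'."""
    parts = urlsplit(url)
    tokens = set(re.split(r"[^a-z0-9-]+", (parts.netloc + " " + parts.path).lower()))
    return sorted(k for k in APP_KEYWORDS if k in tokens)


def employer_domain(user):
    """Employer domain implied by a corporate e-mail username; None for
    non-e-mail usernames and for freemail providers."""
    if "@" not in user:
        return None
    domain = user.rsplit("@", 1)[1].lower()
    return None if domain in FREEMAIL else domain


def reused_passwords(entries):
    """Hosts that share one password, keyed by a truncated SHA-256 of it so the
    clear-text value never appears in a report; more than one host means reuse."""
    hosts_by_digest = defaultdict(set)
    for e in entries:
        digest = hashlib.sha256(e["pw"].encode()).hexdigest()[:12]
        hosts_by_digest[digest].add(urlsplit(e["url"]).hostname)
    return {d: sorted(h) for d, h in hosts_by_digest.items() if len(h) > 1}


def triage(text):
    """Summarise a log: keyword counts and the records to act on first
    (enterprise app hit or corporate e-mail), with passwords deliberately omitted."""
    entries = parse_entries(text)
    keywords = Counter()
    priority = []
    for e in entries:
        hits = keyword_hits(e["url"])
        keywords.update(hits)
        employer = employer_domain(e["user"])
        if hits or employer:
            priority.append({"url": e["url"], "user": e["user"],
                             "employer": employer, "keywords": hits})
    return {"entries": len(entries), "keywords": keywords,
            "priority": priority, "reused": reused_passwords(entries)}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary["entries"], "credentials;", dict(summary["keywords"]))
    for rec in summary["priority"]:
        print(rec["employer"], rec["keywords"], rec["url"])
    print("password reuse across hosts:", summary["reused"])
```

Run against a real Passwords.txt, the priority list is the reset queue: a corporate e-mail address combined with an adfs, sso, owa or dana-na path is exactly the pairing the keyword table above is built to surface. The reuse map adds the step the report cannot: on the sample, the ADFS password also opens the VPN, so resetting one without the other leaves the door open.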

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
