Infostealers Weekly Report: 2020-12-07 – 2020-12-13
InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 India 4,143
- #2 Indonesia 1,781
- #3 United States of America 1,657
- #4 Pakistan 1,171
- #5 Brazil 832
- #6 Spain 731
- #7 Philippines 693
- #8 Turkey 585
- #9 Germany 568
- #10 France 447
- #11 Vietnam 441
- #12 Bangladesh 384
- #13 Thailand 367
- #14 Italy 323
- #15 Malaysia 283
- #16 Egypt 277
- #17 United Kingdom 269
- #18 Mexico 268
- #19 Sri Lanka 233
- #20 Canada 217
- #21 Algeria 217
- #22 South Korea 213
- #23 Romania 212
- #24 Poland 205
- #25 Israel 199
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 17,625 users
- #2 facebook.com 12,752 users
- #3 live.com 9,761 users
- #4 twitter.com 4,643 users
- #5 amazon.com 4,472 users
- #6 netflix.com 4,412 users
- #7 instagram.com 4,178 users
- #8 paypal.com 3,846 users
- #9 mega.nz 3,601 users
- #10 com.facebook.katana 3,304 users
- #11 yahoo.com 2,884 users
- #12 roblox.com 2,870 users
- #13 2,852 users
- #14 twitch.tv 2,781 users
- #15 discord.com 2,770 users
- #16 steampowered.com 2,745 users
- #17 linkedin.com 2,650 users
- #18 epicgames.com 2,639 users
- #19 apple.com 2,461 users
- #20 microsoftonline.com 2,185 users
- #21 steamcommunity.com 2,152 users
- #22 discordapp.com 2,091 users
- #23 minecraft.net 2,053 users
- #24 riotgames.com 1,993 users
- #25 spotify.com 1,940 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 rediff.com 110 employees
- #2 icicibank.com 102 employees
- #3 digimail.in 72 employees
- #4 tim.it 46 employees
- #5 accenture.com 37 employees
- #6 pec.it 34 employees
- #7 34 employees
- #8 o2.pl 29 employees
- #9 telecom.pt 28 employees
- #10 unionbankonline.co.in 27 employees
- #11 freemail.hu 25 employees
- #12 aruba.it 23 employees
- #13 http://localhost/wordpress/wp-admin/install.php 22 employees
- #14 onlinesbi.com 21 employees
- #15 publix.com 20 employees
- #16 indusind.com 19 employees
- #17 bluehost.com 19 employees
- #18 bni.co.id 18 employees
- #19 netpnb.com 17 employees
- #20 interia.pl 17 employees
- #21 confused.com 16 employees
- #22 microgame.it 16 employees
- #23 onet.pl 16 employees
- #24 one.com 15 employees
- #25 sapo.pt 14 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 publix.com 20 employees
- #2 microsoft.com 10 employees
- #3 twc.com 7 employees
- #4 cognizant.com 6 employees
- #5 netflix.com 6 employees
- #6 rockwellautomation.com 4 employees
- #7 abbott.com 3 employees
- #8 fisglobal.com 3 employees
- #9 oracle.com 3 employees
- #10 hp.com 3 employees
- #11 amazon.com 2 employees
- #12 att.com 2 employees
- #13 frontier.com 2 employees
- #14 johnsoncontrols.com 2 employees
- #15 csc.com 2 employees
- #16 apple.com 2 employees
- #17 gm.com 1 employee
- #18 ti.com 1 employee
- #19 goodyear.com 1 employee
- #20 centurylink.com 1 employee
Compromised users
- #1 google.com 17,623 users
- #2 facebook.com 12,751 users
- #3 amazon.com 4,471 users
- #4 netflix.com 4,412 users
- #5 paypal.com 3,846 users
- #6 apple.com 2,461 users
- #7 ebay.com 1,269 users
- #8 oracle.com 454 users
- #9 walmart.com 433 users
- #10 hp.com 277 users
- #11 ups.com 274 users
- #12 cisco.com 265 users
- #13 capitalone.com 247 users
- #14 att.com 236 users
- #15 adp.com 205 users
- #16 bestbuy.com 200 users
- #17 wellsfargo.com 198 users
- #18 target.com 198 users
- #19 microsoft.com 190 users
- #20 fedex.com 163 users
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 36,233 hits
- #2 sso 11,981 hits
- #3 zoom 3,154 hits
- #4 webmail 2,266 hits
- #5 adfs 2,207 hits
- #6 github 1,713 hits
- #7 oracle 1,135 hits
- #8 owa 962 hits
- #9 sap 784 hits
- #10 sts 772 hits
- #11 webex 734 hits
- #12 zendesk 679 hits
- #13 cpanel 526 hits
- #14 ftp 519 hits
- #15 ping 480 hits
- #16 vpn 448 hits
- #17 st 353 hits
- #18 extranet 322 hits
- #19 kaspersky 297 hits
- #20 zimbra 286 hits
- #21 salesforce 247 hits
- #22 citrix 185 hits
- #23 imap 182 hits
- #24 dana-na 137 hits
- #25 okta 131 hits