Weekly intelligence Feb 25 – Mar 3, 2019 10 min read

Infostealers Weekly Report: 2019-02-25 – 2019-03-03

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 109

Infections by country

Top 25 countries

#1 Indonesia 697
#2 India 566
#3 Germany 173
#4 South Korea 129
#5 Bangladesh 126
#6 Brazil 122
#7 Canada 87
#8 Philippines 69
#9 Pakistan 58
#10 Malaysia 50
#11 Sri Lanka 48
#12 Australia 43
#13 United Kingdom 33
#14 Algeria 27
#15 Morocco 26
#16 Israel 25
#17 Nigeria 23
#18 United States of America 22
#19 Mexico 22
#20 Hungary 19
#21 Serbia 18
#22 Poland 18
#23 Myanmar (Burma) 18
#24 France 17
#25 Egypt 17

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 1,780 users
#2 facebook.com 1,550 users
#3 live.com 714 users
#4 twitter.com 392 users
#5 yahoo.com 379 users
#6 335 users
#7 paypal.com 321 users
#8 instagram.com 318 users
#9 linkedin.com 287 users
#10 amazon.com 283 users
#11 netflix.com 235 users
#12 steampowered.com 226 users
#13 dropbox.com 224 users
#14 discordapp.com 212 users
#15 mega.nz 205 users
#16 apple.com 200 users
#17 epicgames.com 198 users
#18 roblox.com 185 users
#19 twitch.tv 176 users
#20 steamcommunity.com 173 users
#21 amazon.in 164 users
#22 chrome://FirefoxAccounts 158 users
#23 firefox.com 153 users
#24 192.168.1.1 152 users
#25 adobe.com 140 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 POP3://pop.gmail.com:995 21 employees
#2 icicibank.com 17 employees
#3 rediff.com 14 employees
#4 freenet.de 9 employees
#5 accenture.com 7 employees
#6 interia.pl 6 employees
#7 secureserver.net 6 employees
#8 digimail.in 6 employees
#9 alberta.ca 5 employees
#10 netpnb.com 5 employees
#11 lycos.com 4 employees
#12 freemail.hu 4 employees
#13 indusind.com 4 employees
#14 mail.gov.in 4 employees
#15 3 employees
#16 POP3://[email protected]:0 3 employees
#17 gmx.es 3 employees
#18 POP3://pop.mail.yahoo.com:995 3 employees
#19 POP3://[email protected]:0 3 employees
#20 unity-mail.de 3 employees
#21 tarumanagara.com 3 employees
#22 http://localhost/hidayat/wp-admin/install.php 3 employees
#23 syrahost.com 3 employees
#24 maccabi4u.co.il 3 employees
#25 engelbert-strauss.de 3 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 cognizant.com 1 employees
#2 amazon.com 1 employees

Compromised users

#1 google.com 1,780 users
#2 facebook.com 1,550 users
#3 paypal.com 321 users
#4 amazon.com 283 users
#5 netflix.com 235 users
#6 apple.com 200 users
#7 ebay.com 96 users
#8 oracle.com 29 users
#9 hp.com 15 users
#10 westernunion.com 14 users
#11 nike.com 12 users
#12 ups.com 11 users
#13 walmart.com 8 users
#14 ibm.com 8 users
#15 capitalone.com 7 users
#16 cisco.com 7 users
#17 americanexpress.com 6 users
#18 halliburton.com 5 users
#19 visa.com 5 users
#20 microsoft.com 4 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 1,735hits
#2 sso 757hits
#3 imap 285hits
#4 webmail 166hits
#5 adfs 115hits
#6 github 115hits
#7 ftp 90hits
#8 cpanel 66hits
#9 oracle 64hits
#10 zendesk 49hits
#11 sts 49hits
#12 owa 49hits
#13 sap 48hits
#14 st 36hits
#15 kaspersky 36hits
#16 vpn 34hits
#17 gitlab 17hits
#18 extranet 16hits
#19 zoom 16hits
#20 dana-na 12hits
#21 roundcube 12hits
#22 ping 12hits
#23 okta 9hits
#24 cscoe 9hits
#25 webex 6hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →