Infostealers Weekly Report: 2019-12-09 – 2019-12-15
InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 India 1,873
- #2 Indonesia 1,443
- #3 Brazil 1,150
- #4 Vietnam 1,145
- #5 Egypt 1,087
- #6 Thailand 984
- #7 Turkey 889
- #8 Pakistan 846
- #9 Philippines 415
- #10 Saudi Arabia 408
- #11 Bangladesh 397
- #12 Malaysia 342
- #13 Algeria 331
- #14 Morocco 286
- #15 Romania 260
- #16 Argentina 236
- #17 Hungary 159
- #18 Sri Lanka 158
- #19 Mexico 155
- #20 Nepal 154
- #21 South Korea 152
- #22 Chile 149
- #23 Serbia 149
- #24 Spain 148
- #25 Italy 144
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 11,451 users
- #2 facebook.com 9,137 users
- #3 live.com 5,831 users
- #4 3,293 users
- #5 twitter.com 2,967 users
- #6 yahoo.com 2,400 users
- #7 mega.nz 2,378 users
- #8 instagram.com 2,123 users
- #9 netflix.com 2,063 users
- #10 paypal.com 1,818 users
- #11 discordapp.com 1,800 users
- #12 linkedin.com 1,798 users
- #13 amazon.com 1,746 users
- #14 steampowered.com 1,513 users
- #15 roblox.com 1,393 users
- #16 dropbox.com 1,382 users
- #17 apple.com 1,339 users
- #18 epicgames.com 1,235 users
- #19 twitch.tv 1,186 users
- #20 steamcommunity.com 1,169 users
- #21 admin 1,152 users
- #22 minecraft.net 912 users
- #23 adobe.com 894 users
- #24 192.168.1.1 878 users
- #25 ea.com 867 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 taqat.sa 83 employees
- #2 rediff.com 59 employees
- #3 icicibank.com 54 employees
- #4 ksu.edu.sa 52 employees
- #5 31 employees
- #6 telecom.pt 30 employees
- #7 freemail.hu 29 employees
- #8 abv.bg 24 employees
- #9 secureserver.net 24 employees
- #10 onlinesbi.com 20 employees
- #11 digimail.in 19 employees
- #12 inacap.cl 17 employees
- #13 accenture.com 16 employees
- #14 ig.com.br 16 employees
- #15 ukr.net 16 employees
- #16 isacombank.com.vn 15 employees
- #17 interia.pl 14 employees
- #18 netpnb.com 14 employees
- #19 bluehost.com 14 employees
- #20 chelwest.nhs.uk 14 employees
- #21 one.com 13 employees
- #22 hostgator.com.br 13 employees
- #23 o2.pl 13 employees
- #24 hostnegar.com 12 employees
- #25 globo.com 11 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 amazon.com 4 employees
- #2 microsoft.com 4 employees
- #3 rockwellautomation.com 2 employees
- #4 jacobs.com 1 employee
- #5 abbott.com 1 employee
- #6 hp.com 1 employee
- #7 mckesson.com 1 employee
- #8 bakerhughes.com 1 employee
- #9 ge.com 1 employee
- #10 dana.com 1 employee
- #11 chevron.com 1 employee
- #12 publix.com 1 employee
- #13 netflix.com 1 employee
- #14 cognizant.com 1 employee
Compromised users
- #1 google.com 11,450 users
- #2 facebook.com 9,135 users
- #3 netflix.com 2,063 users
- #4 paypal.com 1,818 users
- #5 amazon.com 1,746 users
- #6 apple.com 1,339 users
- #7 ebay.com 554 users
- #8 oracle.com 230 users
- #9 hp.com 108 users
- #10 cisco.com 101 users
- #11 microsoft.com 84 users
- #12 westernunion.com 52 users
- #13 ups.com 49 users
- #14 ibm.com 45 users
- #15 walmart.com 39 users
- #16 intel.com 34 users
- #17 americanexpress.com 33 users
- #18 salesforce.com 30 users
- #19 fedex.com 24 users
- #20 adp.com 18 users
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 19,532 hits
- #2 sso 6,165 hits
- #3 webmail 1,217 hits
- #4 owa 942 hits
- #5 adfs 715 hits
- #6 github 679 hits
- #7 oracle 575 hits
- #8 sap 408 hits
- #9 cpanel 393 hits
- #10 zendesk 310 hits
- #11 st 227 hits
- #12 ping 220 hits
- #13 kaspersky 219 hits
- #14 ftp 202 hits
- #15 sts 200 hits
- #16 extranet 123 hits
- #17 salesforce 94 hits
- #18 roundcube 84 hits
- #19 zimbra 82 hits
- #20 bitbucket 78 hits
- #21 zoom 75 hits
- #22 vpn 72 hits
- #23 webex 70 hits
- #24 gitlab 63 hits
- #25 imap 56 hits