Weekly intelligence Apr 13 – Apr 19, 2020 13 min read

Infostealers Weekly Report: 2020-04-13 – 2020-04-19

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 184

Infections by country

Top 25 countries

#1 Turkey 4,365
#2 Brazil 3,790
#3 Pakistan 3,556
#4 United States of America 3,364
#5 Indonesia 2,486
#6 Egypt 1,462
#7 Vietnam 1,368
#8 Algeria 1,346
#9 Thailand 1,053
#10 Morocco 924
#11 Argentina 916
#12 Bangladesh 822
#13 Philippines 776
#14 India 678
#15 Romania 645
#16 Malaysia 635
#17 Peru 526
#18 Portugal 493
#19 Sri Lanka 477
#20 South Africa 376
#21 Iraq 366
#22 Nepal 347
#23 Serbia 328
#24 Chile 324
#25 Mexico 324

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 27,746 users
#2 facebook.com 19,219 users
#3 live.com 15,354 users
#4 twitter.com 7,363 users
#5 netflix.com 7,330 users
#6 mega.nz 6,043 users
#7 instagram.com 5,976 users
#8 amazon.com 5,676 users
#9 discordapp.com 5,136 users
#10 yahoo.com 5,045 users
#11 com.facebook.katana 4,903 users
#12 paypal.com 4,787 users
#13 roblox.com 4,758 users
#14 steampowered.com 4,167 users
#15 epicgames.com 3,972 users
#16 apple.com 3,714 users
#17 twitch.tv 3,623 users
#18 linkedin.com 3,615 users
#19 192.168.1.1 3,571 users
#20 3,493 users
#21 steamcommunity.com 3,249 users
#22 com.netflix.mediaclient 3,085 users
#23 minecraft.net 3,030 users
#24 dropbox.com 2,805 users
#25 microsoftonline.com 2,560 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 yandex.com.tr 85 employees
#2 telecom.pt 76 employees
#3 freemail.hu 54 employees
#4 jwpub.org 47 employees
#5 sapo.pt 43 employees
#6 ig.com.br 43 employees
#7 publix.com 42 employees
#8 32 employees
#9 uol.com.br 24 employees
#10 laureate.net 24 employees
#11 abv.bg 23 employees
#12 globo.com 23 employees
#13 rediff.com 23 employees
#14 nbg.gr 23 employees
#15 mynet.com 22 employees
#16 o2.pl 19 employees
#17 hostgator.com 19 employees
#18 utp.edu.pe 19 employees
#19 dadeschools.net 18 employees
#20 isacombank.com.vn 18 employees
#21 ziggo.nl 18 employees
#22 ovh.net 18 employees
#23 icicibank.com 17 employees
#24 pcsb.org 17 employees
#25 interia.pl 17 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 42 employees
#2 twc.com 11 employees
#3 frontier.com 10 employees
#4 cognizant.com 6 employees
#5 autonation.com 5 employees
#6 rockwellautomation.com 5 employees
#7 netflix.com 5 employees
#8 paypal.com 5 employees
#9 google.com 4 employees
#10 costco.com 4 employees
#11 microsoft.com 4 employees
#12 pg.com 3 employees
#13 jetblue.com 3 employees
#14 ford.com 3 employees
#15 homedepot.com 3 employees
#16 ppg.com 3 employees
#17 pepsico.com 3 employees
#18 amazon.com 3 employees
#19 xerox.com 2 employees
#20 jacobs.com 2 employees

Compromised users

#1 google.com 27,733 users
#2 facebook.com 19,215 users
#3 netflix.com 7,328 users
#4 amazon.com 5,674 users
#5 paypal.com 4,787 users
#6 apple.com 3,712 users
#7 ebay.com 1,893 users
#8 walmart.com 688 users
#9 oracle.com 474 users
#10 adp.com 395 users
#11 capitalone.com 393 users
#12 att.com 373 users
#13 bestbuy.com 352 users
#14 target.com 347 users
#15 ups.com 346 users
#16 wellsfargo.com 331 users
#17 hp.com 291 users
#18 fedex.com 247 users
#19 microsoft.com 232 users
#20 cisco.com 222 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 42,181hits
#2 sso 14,571hits
#3 adfs 3,062hits
#4 webmail 2,576hits
#5 zoom 2,526hits
#6 github 1,390hits
#7 owa 1,182hits
#8 oracle 1,146hits
#9 sap 1,104hits
#10 zendesk 801hits
#11 sts 674hits
#12 cpanel 573hits
#13 st 539hits
#14 vpn 491hits
#15 ping 487hits
#16 ftp 468hits
#17 extranet 402hits
#18 kaspersky 369hits
#19 webex 308hits
#20 salesforce 209hits
#21 roundcube 200hits
#22 okta 188hits
#23 citrix 130hits
#24 gitlab 116hits
#25 twilio 107hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

14K machines
4K users
186K domains

View report →