Weekly intelligence Jun 8 – Jun 14, 2020 11 min read

Infostealers Weekly Report: 2020-06-08 – 2020-06-14

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 150

Infections by country

Top 25 countries

#1 India 1,785
#2 United States of America 1,540
#3 Brazil 605
#4 Spain 462
#5 Pakistan 450
#6 Indonesia 434
#7 France 434
#8 Germany 356
#9 Vietnam 322
#10 Philippines 304
#11 Thailand 270
#12 Egypt 251
#13 Turkey 246
#14 Canada 182
#15 Mexico 164
#16 Algeria 155
#17 Bangladesh 141
#18 Colombia 139
#19 Morocco 139
#20 Malaysia 138
#21 Poland 120
#22 Argentina 118
#23 United Kingdom 116
#24 Israel 111
#25 Australia 110

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 9,422 users
#2 facebook.com 6,581 users
#3 live.com 5,243 users
#4 netflix.com 2,622 users
#5 twitter.com 2,617 users
#6 amazon.com 2,612 users
#7 paypal.com 2,231 users
#8 instagram.com 2,195 users
#9 roblox.com 1,869 users
#10 mega.nz 1,831 users
#11 epicgames.com 1,782 users
#12 com.facebook.katana 1,695 users
#13 twitch.tv 1,663 users
#14 yahoo.com 1,655 users
#15 discordapp.com 1,613 users
#16 steampowered.com 1,529 users
#17 linkedin.com 1,425 users
#18 minecraft.net 1,403 users
#19 apple.com 1,371 users
#20 1,329 users
#21 steamcommunity.com 1,278 users
#22 com.netflix.mediaclient 1,189 users
#23 microsoftonline.com 1,150 users
#24 spotify.com 1,144 users
#25 dropbox.com 1,136 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediff.com 58 employees
#2 icicibank.com 32 employees
#3 30 employees
#4 secureserver.net 22 employees
#5 digimail.in 20 employees
#6 interia.pl 18 employees
#7 http://localhost/wordpress/wp-admin/install.php 18 employees
#8 publix.com 17 employees
#9 ovh.net 16 employees
#10 confused.com 15 employees
#11 k12.fl.us 14 employees
#12 bluehost.com 13 employees
#13 onet.pl 12 employees
#14 unionbankonline.co.in 11 employees
#15 rediffmailpro.com 11 employees
#16 rmunify.com 11 employees
#17 onlinesbi.com 10 employees
#18 freenet.de 10 employees
#19 laureate.net 10 employees
#20 telecom.pt 10 employees
#21 accenture.com 10 employees
#22 o2.pl 9 employees
#23 abv.bg 9 employees
#24 jcyl.es 9 employees
#25 cox.net 9 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 17 employees
#2 twc.com 8 employees
#3 frontier.com 5 employees
#4 hp.com 4 employees
#5 microsoft.com 4 employees
#6 cognizant.com 2 employees
#7 disney.com 2 employees
#8 costco.com 2 employees
#9 rockwellautomation.com 2 employees
#10 pepsico.com 1 employees
#11 intel.com 1 employees
#12 nike.com 1 employees
#13 google.com 1 employees
#14 amerisourcebergen.com 1 employees
#15 rockwellcollins.com 1 employees
#16 verizon.com 1 employees
#17 staples.com 1 employees
#18 emc.com 1 employees
#19 halliburton.com 1 employees
#20 aa.com 1 employees

Compromised users

#1 google.com 9,422 users
#2 facebook.com 6,581 users
#3 netflix.com 2,622 users
#4 amazon.com 2,612 users
#5 paypal.com 2,231 users
#6 apple.com 1,371 users
#7 ebay.com 851 users
#8 walmart.com 375 users
#9 capitalone.com 240 users
#10 oracle.com 228 users
#11 ups.com 223 users
#12 att.com 213 users
#13 adp.com 194 users
#14 target.com 178 users
#15 wellsfargo.com 175 users
#16 bestbuy.com 171 users
#17 fedex.com 145 users
#18 hp.com 141 users
#19 bankofamerica.com 141 users
#20 cisco.com 129 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 19,735hits
#2 sso 6,955hits
#3 adfs 1,526hits
#4 webmail 1,521hits
#5 zoom 1,423hits
#6 github 760hits
#7 owa 593hits
#8 sap 575hits
#9 oracle 516hits
#10 sts 425hits
#11 zendesk 402hits
#12 ftp 385hits
#13 ping 342hits
#14 cpanel 321hits
#15 st 297hits
#16 vpn 257hits
#17 extranet 248hits
#18 webex 238hits
#19 salesforce 218hits
#20 imap 196hits
#21 zimbra 180hits
#22 kaspersky 126hits
#23 roundcube 97hits
#24 dana-na 95hits
#25 okta 79hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

14K machines
4K users
186K domains

View report →