Weekly intelligence Jun 6 – Jun 12, 2022 14 min read

Infostealers Weekly Report: 2022-06-06 – 2022-06-12

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 217

Infections by country

Top 25 countries

#1 Indonesia 29,950
#2 India 23,384
#3 Brazil 19,643
#4 Vietnam 16,023
#5 Mexico 9,010
#6 Egypt 8,528
#7 Philippines 7,164
#8 Pakistan 6,607
#9 Colombia 6,470
#10 Argentina 5,895
#11 Peru 5,833
#12 Thailand 5,776
#13 United States of America 4,950
#14 Algeria 4,330
#15 Morocco 3,302
#16 Ecuador 3,225
#17 Bangladesh 2,688
#18 Venezuela 2,508
#19 Chile 2,455
#20 Malaysia 2,351
#21 Turkey 2,340
#22 Bolivia 2,208
#23 France 2,183
#24 Germany 2,143
#25 Spain 2,076

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 128,996 users
#2 google.com 90,393 users
#3 facebook.com 80,719 users
#4 live.com 68,570 users
#5 instagram.com 35,050 users
#6 com.facebook.katana 34,516 users
#7 discord.com 34,408 users
#8 netflix.com 32,864 users
#9 roblox.com 32,385 users
#10 twitter.com 29,448 users
#11 amazon.com 26,749 users
#12 steampowered.com 22,999 users
#13 com.instagram.android 22,556 users
#14 paypal.com 21,791 users
#15 microsoftonline.com 20,924 users
#16 com.netflix.mediaclient 20,919 users
#17 mega.nz 20,841 users
#18 twitch.tv 20,817 users
#19 riotgames.com 20,231 users
#20 com.spotify.music 17,162 users
#21 epicgames.com 17,110 users
#22 linkedin.com 16,984 users
#23 com.discord 16,873 users
#24 zoom.us 16,398 users
#25 apple.com 15,531 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,513 employees
#2 icicibank.com 366 employees
#3 rediff.com 351 employees
#4 hostinger.com 183 employees
#5 bcb.gov.br 152 employees
#6 netpnb.com 146 employees
#7 163.com 146 employees
#8 laureate.net 141 employees
#9 bni.co.id 139 employees
#10 sp.gov.br 130 employees
#11 secop.gov.co 129 employees
#12 aruba.it 127 employees
#13 secureserver.net 124 employees
#14 digimail.in 122 employees
#15 accenture.com 116 employees
#16 qq.com 109 employees
#17 aiou.edu.pk 105 employees
#18 pec.it 103 employees
#19 sempreser.com.br 102 employees
#20 interia.pl 98 employees
#21 utp.edu.pe 97 employees
#22 unionbankonline.co.in 91 employees
#23 kemenag.go.id 90 employees
#24 uniminuto.edu 89 employees
#25 o2.pl 87 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 76 employees
#2 rockwellautomation.com 51 employees
#3 cognizant.com 25 employees
#4 publix.com 23 employees
#5 netflix.com 16 employees
#6 amazon.com 11 employees
#7 honeywell.com 7 employees
#8 ecolab.com 7 employees
#9 cbre.com 6 employees
#10 ups.com 6 employees
#11 hp.com 6 employees
#12 pg.com 5 employees
#13 ibm.com 5 employees
#14 blackrock.com 5 employees
#15 bestbuy.com 5 employees
#16 johnsoncontrols.com 4 employees
#17 monsanto.com 4 employees
#18 frontier.com 4 employees
#19 gm.com 3 employees
#20 csc.com 3 employees

Compromised users

#1 google.com 90,393 users
#2 facebook.com 80,719 users
#3 netflix.com 32,864 users
#4 amazon.com 26,749 users
#5 paypal.com 21,791 users
#6 apple.com 15,531 users
#7 ebay.com 3,621 users
#8 oracle.com 2,851 users
#9 cisco.com 2,138 users
#10 microsoft.com 2,007 users
#11 hp.com 1,875 users
#12 nike.com 1,793 users
#13 ibm.com 926 users
#14 walmart.com 848 users
#15 intel.com 654 users
#16 ups.com 592 users
#17 westernunion.com 515 users
#18 bestbuy.com 438 users
#19 fedex.com 395 users
#20 adp.com 321 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 294,042hits
#2 sso 99,592hits
#3 zoom 40,981hits
#4 github 13,006hits
#5 webmail 10,689hits
#6 adfs 10,349hits
#7 oracle 6,377hits
#8 sap 4,743hits
#9 owa 4,356hits
#10 zendesk 4,283hits
#11 ping 3,392hits
#12 webex 3,347hits
#13 sts 3,340hits
#14 vpn 3,241hits
#15 cpanel 3,032hits
#16 extranet 1,839hits
#17 kaspersky 1,818hits
#18 ftp 1,817hits
#19 st 1,776hits
#20 salesforce 1,165hits
#21 roundcube 1,092hits
#22 okta 904hits
#23 gitlab 724hits
#24 twilio 588hits
#25 citrix 380hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

14K machines
4K users
186K domains

View report →

Free Tools Check your exposure