Weekly intelligence Jun 13 – Jun 19, 2022 13 min read

Infostealers Weekly Report: 2022-06-13 – 2022-06-19

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 208

Infections by country

Top 25 countries

#1 Indonesia 19,161
#2 India 15,146
#3 Brazil 11,789
#4 Vietnam 9,537
#5 Mexico 5,400
#6 Egypt 5,318
#7 Pakistan 4,397
#8 Philippines 4,142
#9 Colombia 3,916
#10 Peru 3,714
#11 United States of America 3,593
#12 Thailand 3,561
#13 Argentina 3,431
#14 Algeria 2,248
#15 Ecuador 2,215
#16 Morocco 1,698
#17 Venezuela 1,601
#18 Germany 1,594
#19 Malaysia 1,553
#20 Turkey 1,538
#21 Chile 1,514
#22 Bangladesh 1,468
#23 France 1,394
#24 Italy 1,336
#25 Sri Lanka 1,320

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 84,839 users
#2 google.com 57,877 users
#3 facebook.com 50,294 users
#4 live.com 43,255 users
#5 instagram.com 22,797 users
#6 discord.com 22,231 users
#7 com.facebook.katana 21,850 users
#8 roblox.com 21,054 users
#9 netflix.com 20,650 users
#10 twitter.com 19,180 users
#11 amazon.com 17,111 users
#12 steampowered.com 14,925 users
#13 com.instagram.android 14,333 users
#14 paypal.com 14,231 users
#15 twitch.tv 13,686 users
#16 mega.nz 13,291 users
#17 microsoftonline.com 12,925 users
#18 com.netflix.mediaclient 12,883 users
#19 riotgames.com 12,882 users
#20 epicgames.com 11,296 users
#21 com.spotify.music 10,794 users
#22 com.discord 10,665 users
#23 linkedin.com 10,547 users
#24 zoom.us 10,418 users
#25 steamcommunity.com 9,794 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,107 employees
#2 icicibank.com 249 employees
#3 rediff.com 187 employees
#4 bni.co.id 130 employees
#5 hostinger.com 123 employees
#6 netpnb.com 115 employees
#7 secureserver.net 106 employees
#8 aruba.it 100 employees
#9 laureate.net 97 employees
#10 bcb.gov.br 84 employees
#11 sp.gov.br 82 employees
#12 secop.gov.co 80 employees
#13 digimail.in 77 employees
#14 aiou.edu.pk 73 employees
#15 163.com 71 employees
#16 utp.edu.pe 69 employees
#17 accenture.com 67 employees
#18 unionbankonline.co.in 64 employees
#19 telecom.pt 63 employees
#20 qq.com 61 employees
#21 interia.pl 60 employees
#22 indusind.com 59 employees
#23 bobibanking.com 56 employees
#24 o2.pl 55 employees
#25 kemenag.go.id 53 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 52 employees
#2 rockwellautomation.com 32 employees
#3 publix.com 20 employees
#4 cognizant.com 15 employees
#5 ibm.com 11 employees
#6 amazon.com 10 employees
#7 netflix.com 8 employees
#8 ups.com 6 employees
#9 apple.com 5 employees
#10 ge.com 4 employees
#11 honeywell.com 4 employees
#12 gm.com 4 employees
#13 twc.com 4 employees
#14 csc.com 4 employees
#15 ingredion.com 4 employees
#16 aetna.com 3 employees
#17 cisco.com 3 employees
#18 pepsico.com 3 employees
#19 halliburton.com 3 employees
#20 pseg.com 2 employees

Compromised users

#1 google.com 57,877 users
#2 facebook.com 50,294 users
#3 netflix.com 20,650 users
#4 amazon.com 17,111 users
#5 paypal.com 14,231 users
#6 apple.com 9,668 users
#7 ebay.com 2,376 users
#8 oracle.com 1,814 users
#9 cisco.com 1,351 users
#10 microsoft.com 1,240 users
#11 hp.com 1,111 users
#12 nike.com 1,107 users
#13 ibm.com 580 users
#14 walmart.com 562 users
#15 intel.com 512 users
#16 westernunion.com 352 users
#17 ups.com 334 users
#18 bestbuy.com 306 users
#19 target.com 235 users
#20 fedex.com 231 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 197,721hits
#2 sso 67,221hits
#3 zoom 26,858hits
#4 github 8,535hits
#5 adfs 7,567hits
#6 webmail 7,013hits
#7 oracle 4,244hits
#8 owa 2,948hits
#9 sap 2,870hits
#10 zendesk 2,743hits
#11 cpanel 2,570hits
#12 sts 2,411hits
#13 ping 2,394hits
#14 webex 2,369hits
#15 vpn 2,341hits
#16 extranet 1,497hits
#17 kaspersky 1,417hits
#18 ftp 1,322hits
#19 st 1,181hits
#20 roundcube 891hits
#21 okta 567hits
#22 salesforce 556hits
#23 twilio 527hits
#24 gitlab 482hits
#25 jira 364hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure