Weekly intelligence Jun 27 – Jul 3, 2022 13 min read

Infostealers Weekly Report: 2022-06-27 – 2022-07-03

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 204

Infections by country

Top 25 countries

#1 Indonesia 22,472
#2 India 12,293
#3 Vietnam 9,620
#4 Brazil 9,307
#5 Egypt 5,654
#6 Philippines 4,602
#7 Mexico 4,407
#8 Pakistan 4,199
#9 Colombia 3,762
#10 Thailand 3,669
#11 Argentina 3,415
#12 Peru 3,307
#13 Turkey 3,281
#14 United States of America 3,020
#15 Algeria 2,537
#16 Poland 2,255
#17 Venezuela 2,047
#18 Ecuador 2,035
#19 Bangladesh 1,783
#20 Morocco 1,776
#21 Chile 1,556
#22 Latvia 1,402
#23 Sri Lanka 1,382
#24 Bolivia 1,358
#25 Malaysia 1,334

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 94,419 users
#2 google.com 61,659 users
#3 facebook.com 53,864 users
#4 live.com 45,847 users
#5 roblox.com 24,777 users
#6 instagram.com 23,913 users
#7 discord.com 23,718 users
#8 com.facebook.katana 23,448 users
#9 netflix.com 21,580 users
#10 twitter.com 19,543 users
#11 amazon.com 16,364 users
#12 steampowered.com 15,729 users
#13 com.instagram.android 15,565 users
#14 paypal.com 14,142 users
#15 twitch.tv 13,835 users
#16 mega.nz 13,657 users
#17 com.netflix.mediaclient 13,606 users
#18 riotgames.com 13,563 users
#19 microsoftonline.com 13,453 users
#20 epicgames.com 11,873 users
#21 com.discord 11,564 users
#22 com.spotify.music 11,243 users
#23 zoom.us 11,125 users
#24 com.roblox.client 10,965 users
#25 linkedin.com 10,630 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 968 employees
#2 icicibank.com 219 employees
#3 rediff.com 158 employees
#4 onet.pl 121 employees
#5 netpnb.com 107 employees
#6 interia.pl 98 employees
#7 freemail.hu 95 employees
#8 o2.pl 90 employees
#9 bni.co.id 89 employees
#10 163.com 87 employees
#11 hostinger.com 86 employees
#12 sp.gov.br 85 employees
#13 bcb.gov.br 84 employees
#14 secureserver.net 83 employees
#15 secop.gov.co 76 employees
#16 laureate.net 74 employees
#17 utp.edu.pe 73 employees
#18 aruba.it 72 employees
#19 qq.com 71 employees
#20 telecom.pt 69 employees
#21 aiou.edu.pk 65 employees
#22 unionbankonline.co.in 64 employees
#23 kemenag.go.id 62 employees
#24 tim.it 61 employees
#25 sempreser.com.br 60 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 37 employees
#2 rockwellautomation.com 20 employees
#3 cognizant.com 10 employees
#4 publix.com 9 employees
#5 citigroup.com 9 employees
#6 hanes.com 8 employees
#7 netflix.com 8 employees
#8 ford.com 7 employees
#9 paypal.com 7 employees
#10 frontier.com 6 employees
#11 honeywell.com 5 employees
#12 ups.com 4 employees
#13 cisco.com 4 employees
#14 ibm.com 4 employees
#15 ebay.com 4 employees
#16 salesforce.com 4 employees
#17 oracle.com 2 employees
#18 principal.com 2 employees
#19 xerox.com 2 employees
#20 hp.com 2 employees

Compromised users

#1 google.com 61,659 users
#2 facebook.com 53,864 users
#3 netflix.com 21,580 users
#4 amazon.com 16,364 users
#5 paypal.com 14,142 users
#6 apple.com 9,457 users
#7 ebay.com 2,219 users
#8 oracle.com 1,762 users
#9 cisco.com 1,341 users
#10 microsoft.com 1,221 users
#11 hp.com 1,161 users
#12 nike.com 1,001 users
#13 ibm.com 526 users
#14 intel.com 495 users
#15 walmart.com 433 users
#16 ups.com 303 users
#17 westernunion.com 275 users
#18 bestbuy.com 198 users
#19 fedex.com 187 users
#20 salesforce.com 178 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 202,287hits
#2 sso 67,066hits
#3 zoom 28,235hits
#4 github 7,914hits
#5 webmail 7,557hits
#6 adfs 6,995hits
#7 oracle 4,010hits
#8 owa 3,246hits
#9 sap 3,042hits
#10 zendesk 2,762hits
#11 webex 2,311hits
#12 ping 2,296hits
#13 vpn 2,100hits
#14 cpanel 2,024hits
#15 sts 1,993hits
#16 st 1,327hits
#17 kaspersky 1,288hits
#18 extranet 1,217hits
#19 ftp 1,109hits
#20 roundcube 779hits
#21 salesforce 768hits
#22 okta 571hits
#23 twilio 397hits
#24 gitlab 356hits
#25 citrix 308hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Free Tools Check your exposure