Weekly intelligence Sep 12 – Sep 18, 2022

Infostealers Weekly Report: 2022-09-12 – 2022-09-18

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.


Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 215
Infections by country

Top 25 countries

  1. Brazil 15,338
  2. India 9,606
  3. Egypt 9,551
  4. Vietnam 7,457
  5. Mexico 7,248
  6. Philippines 6,609
  7. Thailand 6,497
  8. United States of America 6,370
  9. Indonesia 5,603
  10. Spain 5,073
  11. Turkey 4,988
  12. Argentina 4,748
  13. Colombia 4,309
  14. Algeria 4,102
  15. France 4,007
  16. Peru 3,929
  17. Germany 3,482
  18. Italy 3,412
  19. Morocco 3,403
  20. Poland 3,229
  21. Bangladesh 2,562
  22. Netherlands 2,405
  23. Chile 2,274
  24. Pakistan 2,188
  25. Venezuela 1,984

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 79,740 users
  2. facebook.com 71,735 users
  3. live.com 65,133 users
  4. discord.com 33,966 users
  5. instagram.com 33,942 users
  6. netflix.com 33,023 users
  7. com.facebook.katana 30,555 users
  8. roblox.com 29,909 users
  9. twitter.com 28,734 users
  10. amazon.com 27,966 users
  11. paypal.com 27,579 users
  12. steampowered.com 25,710 users
  13. twitch.tv 24,113 users
  14. 22,553 users
  15. riotgames.com 21,540 users
  16. com.instagram.android 20,990 users
  17. com.netflix.mediaclient 20,699 users
  18. microsoftonline.com 20,507 users
  19. mega.nz 20,469 users
  20. epicgames.com 19,545 users
  21. steamcommunity.com 17,795 users
  22. linkedin.com 17,696 users
  23. com.spotify.music 17,516 users
  24. apple.com 17,257 users
  25. spotify.com 17,135 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. 1,540 employees
  2. aruba.it 281 employees
  3. icicibank.com 242 employees
  4. freemail.hu 239 employees
  5. hostinger.com 227 employees
  6. wp.pl 224 employees
  7. rediff.com 218 employees
  8. pec.it 190 employees
  9. abv.bg 187 employees
  10. 163.com 187 employees
  11. telecom.pt 185 employees
  12. interia.pl 181 employees
  13. tim.it 170 employees
  14. qq.com 155 employees
  15. o2.pl 150 employees
  16. onet.pl 133 employees
  17. secureserver.net 126 employees
  18. bcb.gov.br 119 employees
  19. sapo.pt 118 employees
  20. ig.com.br 118 employees
  21. laureate.net 114 employees
  22. skole.hr 106 employees
  23. jwpub.org 104 employees
  24. ovh.net 102 employees
  25. uol.com.br 102 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 79 employees
  2. rockwellautomation.com 61 employees
  3. publix.com 24 employees
  4. facebook.com 15 employees
  5. cognizant.com 14 employees
  6. google.com 12 employees
  7. netflix.com 12 employees
  8. apple.com 11 employees
  9. amazon.com 10 employees
  10. ibm.com 10 employees
  11. twc.com 8 employees
  12. csc.com 7 employees
  13. oracle.com 7 employees
  14. paypal.com 6 employees
  15. gm.com 6 employees
  16. techdata.com 5 employees
  17. lear.com 5 employees
  18. ford.com 5 employees
  19. fedex.com 4 employees
  20. ups.com 4 employees

Compromised users

  1. google.com 79,740 users
  2. facebook.com 71,735 users
  3. netflix.com 33,023 users
  4. amazon.com 27,966 users
  5. paypal.com 27,579 users
  6. apple.com 17,257 users
  7. ebay.com 4,761 users
  8. oracle.com 3,135 users
  9. microsoft.com 2,397 users
  10. nike.com 2,285 users
  11. hp.com 2,270 users
  12. cisco.com 2,259 users
  13. ups.com 965 users
  14. walmart.com 959 users
  15. ibm.com 880 users
  16. intel.com 806 users
  17. westernunion.com 710 users
  18. bestbuy.com 535 users
  19. fedex.com 474 users
  20. adp.com 425 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 340,147 hits
  2. sso 94,526 hits
  3. zoom 34,411 hits
  4. webmail 15,212 hits
  5. github 15,034 hits
  6. adfs 13,638 hits
  7. oracle 7,235 hits
  8. zendesk 5,201 hits
  9. owa 4,653 hits
  10. sts 4,555 hits
  11. sap 4,363 hits
  12. cpanel 3,943 hits
  13. vpn 3,837 hits
  14. ping 3,264 hits
  15. webex 3,019 hits
  16. kaspersky 2,854 hits
  17. ftp 2,743 hits
  18. extranet 2,491 hits
  19. st 2,322 hits
  20. roundcube 2,164 hits
  21. salesforce 1,323 hits
  22. okta 1,045 hits
  23. gitlab 976 hits
  24. imap 934 hits
  25. twilio 753 hits
