Weekly intelligence Sep 26 – Oct 2, 2022 13 min read

Infostealers Weekly Report: 2022-09-26 – 2022-10-02

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 213

Infections by country

Top 25 countries

#1 Brazil 14,925
#2 India 6,613
#3 Egypt 5,984
#4 United States of America 5,508
#5 Mexico 4,814
#6 Vietnam 4,315
#7 Philippines 4,274
#8 Italy 3,978
#9 Indonesia 3,901
#10 Colombia 3,799
#11 Thailand 3,726
#12 Algeria 3,508
#13 Spain 3,447
#14 Germany 3,425
#15 Argentina 3,215
#16 France 3,125
#17 Morocco 2,882
#18 Peru 2,712
#19 Turkey 2,557
#20 Chile 2,174
#21 Poland 2,071
#22 Bangladesh 1,682
#23 Pakistan 1,599
#24 Ecuador 1,590
#25 United Kingdom 1,410

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 63,718 users
#2 facebook.com 56,187 users
#3 live.com 51,892 users
#4 instagram.com 28,176 users
#5 netflix.com 27,340 users
#6 discord.com 26,823 users
#7 com.facebook.katana 23,156 users
#8 twitter.com 23,090 users
#9 amazon.com 23,056 users
#10 roblox.com 21,992 users
#11 paypal.com 21,692 users
#12 steampowered.com 20,435 users
#13 twitch.tv 20,427 users
#14 riotgames.com 17,248 users
#15 microsoftonline.com 16,994 users
#16 com.instagram.android 16,897 users
#17 com.netflix.mediaclient 16,435 users
#18 mega.nz 16,346 users
#19 epicgames.com 15,882 users
#20 spotify.com 14,988 users
#21 steamcommunity.com 14,578 users
#22 linkedin.com 14,424 users
#23 apple.com 14,217 users
#24 com.spotify.music 14,178 users
#25 com.discord 12,519 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 1,247 employees
#2 aruba.it 382 employees
#3 pec.it 282 employees
#4 tim.it 248 employees
#5 hostinger.com 229 employees
#6 163.com 161 employees
#7 wp.pl 158 employees
#8 freemail.hu 143 employees
#9 icicibank.com 143 employees
#10 qq.com 143 employees
#11 o2.pl 143 employees
#12 bcb.gov.br 135 employees
#13 sempreser.com.br 121 employees
#14 telecom.pt 114 employees
#15 laureate.net 111 employees
#16 interia.pl 108 employees
#17 abv.bg 106 employees
#18 rediff.com 104 employees
#19 secureserver.net 103 employees
#20 hostgator.com.br 101 employees
#21 secop.gov.co 98 employees
#22 inacap.cl 95 employees
#23 ovh.net 84 employees
#24 hostgator.com 83 employees
#25 jwpub.org 83 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 67 employees
#2 rockwellautomation.com 57 employees
#3 publix.com 20 employees
#4 facebook.com 13 employees
#5 cognizant.com 13 employees
#6 ibm.com 10 employees
#7 jpmorganchase.com 9 employees
#8 netflix.com 8 employees
#9 google.com 8 employees
#10 westrock.com 7 employees
#11 ups.com 6 employees
#12 csc.com 6 employees
#13 halliburton.com 6 employees
#14 gm.com 6 employees
#15 att.com 6 employees
#16 hp.com 6 employees
#17 newmont.com 5 employees
#18 amazon.com 5 employees
#19 emerson.com 5 employees
#20 sandisk.com 5 employees

Compromised users

#1 google.com 63,718 users
#2 facebook.com 56,187 users
#3 netflix.com 27,340 users
#4 amazon.com 23,056 users
#5 paypal.com 21,692 users
#6 apple.com 14,217 users
#7 ebay.com 3,725 users
#8 oracle.com 2,597 users
#9 nike.com 2,036 users
#10 microsoft.com 2,018 users
#11 cisco.com 1,871 users
#12 hp.com 1,831 users
#13 ups.com 870 users
#14 walmart.com 864 users
#15 ibm.com 680 users
#16 intel.com 653 users
#17 westernunion.com 527 users
#18 bestbuy.com 451 users
#19 fedex.com 405 users
#20 adp.com 398 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 265,032hits
#2 sso 68,863hits
#3 zoom 26,053hits
#4 webmail 13,275hits
#5 github 12,642hits
#6 adfs 11,676hits
#7 oracle 6,289hits
#8 zendesk 4,363hits
#9 owa 3,699hits
#10 sts 3,412hits
#11 sap 3,325hits
#12 cpanel 3,129hits
#13 ping 2,841hits
#14 vpn 2,721hits
#15 webex 2,375hits
#16 ftp 2,343hits
#17 kaspersky 2,307hits
#18 extranet 2,077hits
#19 st 2,054hits
#20 salesforce 1,833hits
#21 roundcube 1,522hits
#22 okta 1,129hits
#23 imap 951hits
#24 gitlab 935hits
#25 twilio 561hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure