Weekly intelligence Jan 23 – Jan 29, 2023 13 min read

Infostealers Weekly Report: 2023-01-23 – 2023-01-29

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 206

Infections by country

Top 25 countries

#1 Brazil 7,655
#2 Egypt 5,021
#3 Mexico 4,942
#4 Colombia 3,029
#5 Algeria 2,812
#6 Peru 2,601
#7 Argentina 2,596
#8 India 2,579
#9 Thailand 2,253
#10 Turkey 2,245
#11 Vietnam 2,099
#12 Philippines 2,098
#13 Spain 2,076
#14 Morocco 2,036
#15 Pakistan 1,651
#16 Chile 1,624
#17 United States of America 1,469
#18 Indonesia 1,315
#19 Venezuela 1,312
#20 Poland 1,302
#21 Bangladesh 1,287
#22 Ecuador 1,142
#23 Romania 1,116
#24 France 1,052
#25 Germany 1,043

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 34,929 users
#2 facebook.com 32,079 users
#3 live.com 29,344 users
#4 netflix.com 14,635 users
#5 instagram.com 14,240 users
#6 com.facebook.katana 14,216 users
#7 discord.com 13,814 users
#8 roblox.com 12,541 users
#9 amazon.com 11,637 users
#10 twitter.com 11,519 users
#11 paypal.com 10,833 users
#12 steampowered.com 10,688 users
#13 com.netflix.mediaclient 9,713 users
#14 twitch.tv 9,196 users
#15 mega.nz 9,169 users
#16 microsoftonline.com 9,165 users
#17 com.instagram.android 9,138 users
#18 riotgames.com 8,008 users
#19 epicgames.com 7,701 users
#20 linkedin.com 7,494 users
#21 apple.com 7,169 users
#22 com.spotify.music 6,966 users
#23 spotify.com 6,843 users
#24 steamcommunity.com 6,842 users
#25 com.discord 6,428 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 217 employees
#2 163.com 119 employees
#3 freemail.hu 100 employees
#4 abv.bg 96 employees
#5 bcb.gov.br 91 employees
#6 hostinger.com 88 employees
#7 tim.it 87 employees
#8 aruba.it 87 employees
#9 qq.com 85 employees
#10 secop.gov.co 85 employees
#11 utp.edu.pe 83 employees
#12 laureate.net 81 employees
#13 buenosaires.gob.ar 81 employees
#14 o2.pl 79 employees
#15 interia.pl 73 employees
#16 icicibank.com 63 employees
#17 pec.it 62 employees
#18 sat.gob.mx 61 employees
#19 login.sp.gov.br 60 employees
#20 onet.pl 59 employees
#21 secureserver.net 55 employees
#22 seznam.cz 52 employees
#23 ig.com.br 52 employees
#24 inacap.cl 50 employees
#25 sapo.pt 48 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 29 employees
#2 microsoft.com 28 employees
#3 pg.com 9 employees
#4 hp.com 8 employees
#5 facebook.com 8 employees
#6 bms.com 5 employees
#7 netflix.com 5 employees
#8 nov.com 5 employees
#9 honeywell.com 4 employees
#10 ibm.com 4 employees
#11 amazon.com 4 employees
#12 publix.com 3 employees
#13 xerox.com 3 employees
#14 twc.com 3 employees
#15 cognizant.com 3 employees
#16 humana.com 3 employees
#17 ups.com 3 employees
#18 johnsoncontrols.com 3 employees
#19 oracle.com 2 employees
#20 parker.com 2 employees

Compromised users

#1 google.com 34,929 users
#2 facebook.com 32,079 users
#3 netflix.com 14,635 users
#4 amazon.com 11,637 users
#5 paypal.com 10,833 users
#6 apple.com 7,169 users
#7 ebay.com 1,968 users
#8 oracle.com 1,264 users
#9 microsoft.com 1,059 users
#10 cisco.com 1,029 users
#11 hp.com 989 users
#12 nike.com 915 users
#13 ups.com 393 users
#14 walmart.com 383 users
#15 ibm.com 342 users
#16 intel.com 256 users
#17 westernunion.com 254 users
#18 fedex.com 175 users
#19 adp.com 159 users
#20 salesforce.com 138 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 120,961hits
#2 sso 34,899hits
#3 zoom 12,897hits
#4 webmail 4,783hits
#5 github 4,675hits
#6 adfs 4,111hits
#7 oracle 2,384hits
#8 zendesk 1,884hits
#9 owa 1,720hits
#10 sap 1,414hits
#11 cpanel 1,346hits
#12 sts 1,324hits
#13 ping 1,252hits
#14 vpn 1,156hits
#15 webex 1,033hits
#16 kaspersky 966hits
#17 extranet 910hits
#18 ftp 781hits
#19 roundcube 693hits
#20 st 683hits
#21 okta 451hits
#22 gitlab 385hits
#23 git 315hits
#24 twilio 290hits
#25 jira 274hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

Free Tools Check your exposure