Weekly intelligence Sep 4 – Sep 10, 2023 11 min read

Infostealers Weekly Report: 2023-09-04 – 2023-09-10

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 178

Infections by country

Top 25 countries

#1 Brazil 4,529
#2 Pakistan 2,502
#3 Turkey 2,345
#4 Philippines 2,309
#5 Bangladesh 1,853
#6 Thailand 1,828
#7 Mexico 1,705
#8 Algeria 1,654
#9 Peru 1,584
#10 Colombia 1,527
#11 Egypt 1,446
#12 Vietnam 1,385
#13 Argentina 1,365
#14 Spain 1,210
#15 Morocco 925
#16 Poland 914
#17 United States of America 859
#18 Venezuela 807
#19 Germany 781
#20 Sri Lanka 762
#21 Nigeria 749
#22 Italy 732
#23 Bolivia 688
#24 Chile 616
#25 Myanmar (Burma) 604

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 21,725 users
#2 facebook.com 19,631 users
#3 live.com 17,746 users
#4 instagram.com 8,900 users
#5 com.facebook.katana 8,728 users
#6 netflix.com 8,289 users
#7 discord.com 8,123 users
#8 roblox.com 7,354 users
#9 amazon.com 6,395 users
#10 twitter.com 6,038 users
#11 steampowered.com 6,022 users
#12 com.netflix.mediaclient 5,606 users
#13 com.instagram.android 5,326 users
#14 paypal.com 5,279 users
#15 mega.nz 4,831 users
#16 microsoftonline.com 4,723 users
#17 linkedin.com 4,398 users
#18 twitch.tv 4,396 users
#19 apple.com 4,227 users
#20 spotify.com 4,151 users
#21 riotgames.com 4,144 users
#22 epicgames.com 4,010 users
#23 com.roblox.client 3,609 users
#24 com.discord 3,464 users
#25 steamcommunity.com 3,405 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 100 employees
#2 qq.com 77 employees
#3 freemail.hu 71 employees
#4 163.com 69 employees
#5 o2.pl 66 employees
#6 secop.gov.co 57 employees
#7 ukr.net 56 employees
#8 aruba.it 53 employees
#9 sts.net.pk 46 employees
#10 alxswe.com 43 employees
#11 interia.pl 42 employees
#12 tim.it 40 employees
#13 abv.bg 39 employees
#14 hostinger.com 39 employees
#15 hostgator.com 39 employees
#16 login.sp.gov.br 38 employees
#17 fmod.dev 34 employees
#18 rockwellautomation.com 33 employees
#19 uol.com.br 32 employees
#20 laureate.net 32 employees
#21 yandex.com.tr 32 employees
#22 bcb.gov.br 31 employees
#23 i.ua 31 employees
#24 jwpub.org 30 employees
#25 ig.com.br 30 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 33 employees
#2 apple.com 14 employees
#3 microsoft.com 13 employees
#4 oracle.com 5 employees
#5 nov.com 5 employees
#6 johnsoncontrols.com 5 employees
#7 netflix.com 4 employees
#8 abbott.com 2 employees
#9 henryschein.com 2 employees
#10 cisco.com 2 employees
#11 kiewit.com 2 employees
#12 publix.com 2 employees
#13 emc.com 2 employees
#14 fedex.com 2 employees
#15 libertymutual.com 1 employees

Compromised users

#1 google.com 21,725 users
#2 facebook.com 19,631 users
#3 netflix.com 8,289 users
#4 amazon.com 6,395 users
#5 paypal.com 5,279 users
#6 apple.com 4,227 users
#7 ebay.com 1,088 users
#8 oracle.com 607 users
#9 cisco.com 558 users
#10 microsoft.com 532 users
#11 hp.com 532 users
#12 nike.com 413 users
#13 ibm.com 201 users
#14 walmart.com 187 users
#15 ups.com 172 users
#16 westernunion.com 164 users
#17 intel.com 156 users
#18 americanexpress.com 80 users
#19 bestbuy.com 74 users
#20 fedex.com 70 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 74,084hits
#2 sso 17,933hits
#3 zoom 7,406hits
#4 github 3,338hits
#5 webmail 3,166hits
#6 adfs 1,787hits
#7 oracle 1,580hits
#8 zendesk 1,134hits
#9 owa 1,130hits
#10 sap 830hits
#11 vpn 743hits
#12 cpanel 667hits
#13 sts 660hits
#14 ping 547hits
#15 ftp 514hits
#16 kaspersky 481hits
#17 webex 456hits
#18 st 382hits
#19 extranet 377hits
#20 roundcube 336hits
#21 gitlab 296hits
#22 dana-na 293hits
#23 okta 204hits
#24 twilio 122hits
#25 salesforce 103hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →