Weekly intelligence, Sep 11 – Sep 18, 2023

Infostealers Weekly Report: 2023-09-11 – 2023-09-18

InfoStealers Weekly Report - This report summarizes the infostealer activity observed during the week and the threats it poses to organizations. As credential-theft campaigns keep growing in scale, the aim is to give defenders the data they need to protect sensitive information: we break down the top compromised domains, trends among compromised employees and users, and the global distribution of InfoStealer infections. Use these weekly statistics to stay informed and stay ahead of the threat.

110,063 Compromised Machines
14,251 Compromised Employees
60,543 Compromised Users
35,269 Compromised Androids
103,366 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 202)

  1. Brazil 7,192
  2. Pakistan 5,335
  3. Turkey 4,679
  4. Unknown 4,655
  5. Thailand 3,294
  6. Philippines 3,123
  7. Bangladesh 3,005
  8. Mexico 2,516
  9. Peru 2,448
  10. Algeria 2,364
  11. Spain 2,348
  12. Egypt 2,308
  13. Vietnam 2,245
  14. Colombia 1,994
  15. United States of America 1,794
  16. Morocco 1,665
  17. India 1,475
  18. Argentina 1,425
  19. Germany 1,388
  20. Sri Lanka 1,312
  21. Malaysia 1,227
  22. Nigeria 1,185
  23. Poland 1,161
  24. Myanmar (Burma) 1,112
  25. Iraq 1,096

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 39,026 users
  2. facebook.com 35,343 users
  3. live.com 31,916 users
  4. instagram.com 15,957 users
  5. com.facebook.katana 15,896 users
  6. netflix.com 15,070 users
  7. discord.com 14,658 users
  8. amazon.com 12,393 users
  9. roblox.com 11,738 users
  10. twitter.com 11,665 users
  11. steampowered.com 10,996 users
  12. com.netflix.mediaclient 10,489 users
  13. paypal.com 10,408 users
  14. com.instagram.android 10,254 users
  15. microsoftonline.com 9,378 users
  16. mega.nz 9,071 users
  17. linkedin.com 8,621 users
  18. apple.com 8,581 users
  19. twitch.tv 7,615 users
  20. spotify.com 7,240 users
  21. riotgames.com 7,231 users
  22. epicgames.com 6,860 users
  23. zoom.us 6,358 users
  24. yahoo.com 6,173 users
  25. com.discord 6,168 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. wp.pl 207 employees
  2. aruba.it 143 employees
  3. hostinger.com 129 employees
  4. 163.com 125 employees
  5. qq.com 116 employees
  6. freemail.hu 109 employees
  7. interia.pl 86 employees
  8. abv.bg 85 employees
  9. tim.it 82 employees
  10. icicibank.com 81 employees
  11. sts.net.pk 79 employees
  12. pec.it 79 employees
  13. login.sp.gov.br 79 employees
  14. utp.edu.pe 76 employees
  15. alxswe.com 72 employees
  16. secop.gov.co 67 employees
  17. mail.tm 67 employees
  18. rockwellautomation.com 65 employees
  19. yandex.com.tr 60 employees
  20. web-hosting.com 59 employees
  21. inacap.cl 58 employees
  22. sempreser.com.br 52 employees
  23. ovh.net 50 employees
  24. secureserver.net 50 employees
  25. britanico.edu.pe 49 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 65 employees
  2. microsoft.com 26 employees
  3. dana.com 9 employees
  4. disney.com 6 employees
  5. hp.com 5 employees
  6. frontier.com 5 employees
  7. twc.com 5 employees
  8. ibm.com 5 employees
  9. johnsoncontrols.com 4 employees
  10. apple.com 3 employees
  11. ups.com 3 employees
  12. facebook.com 3 employees
  13. amazon.com 3 employees
  14. netflix.com 2 employees
  15. publix.com 2 employees
  16. honeywell.com 2 employees
  17. cbre.com 1 employee
  18. xcelenergy.com 1 employee
  19. cablevision.com 1 employee
  20. cisco.com 1 employee

Compromised users

  1. google.com 39,026 users
  2. facebook.com 35,343 users
  3. netflix.com 15,070 users
  4. amazon.com 12,393 users
  5. paypal.com 10,408 users
  6. apple.com 8,581 users
  7. ebay.com 2,087 users
  8. microsoft.com 1,395 users
  9. oracle.com 1,386 users
  10. hp.com 1,142 users
  11. cisco.com 1,061 users
  12. nike.com 864 users
  13. walmart.com 453 users
  14. ibm.com 438 users
  15. westernunion.com 328 users
  16. ups.com 309 users
  17. intel.com 300 users
  18. fedex.com 203 users
  19. bestbuy.com 153 users
  20. adp.com 146 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 18,678 users
  2. Netflix (netflix.com · com.netflix.mediaclient) 12,191 users
  3. Instagram (instagram.com · com.instagram.android) 11,900 users
  4. Discord (discord.com · com.discord) 7,396 users
  5. Roblox (roblox.com · com.roblox.client) 7,198 users
  6. Spotify (spotify.com · com.spotify.music) 6,731 users
  7. Twitch (app.com · tv.twitch.android.app) 5,872 users
  8. Snapchat (snapchat.com · com.snapchat.android) 5,353 users
  9. Twitter (twitter.com · com.twitter.android) 4,999 users
  10. PayPal (paypal.com · com.paypal.android.p2pmobile) 3,217 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 3,140 users
  12. Zoom (videomeetings.com · us.zoom.videomeetings) 2,847 users
  13. Mega (app.com · mega.privacy.android.app) 2,834 users
  14. LinkedIn (linkedin.com · com.linkedin.android) 2,819 users
  15. Pinterest (pinterest.com · com.pinterest) 2,814 users
  16. Disney (disney.com · com.disney.disneyplus) 2,726 users
  17. Mercadolibre (mercadolibre.com · com.mercadolibre) 2,340 users
  18. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 2,321 users
  19. Waze (waze.com · com.waze) 2,227 users
  20. Xiaomi (xiaomi.com · com.xiaomi.account) 1,899 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, Hotmail and other email providers seen across this week's stealer logs.

Top 25
  1. gmail.com 2,059,903 users
  2. hotmail.com 255,542 users
  3. yahoo.com 97,792 users
  4. outlook.com 73,326 users
  5. icloud.com 14,674 users
  6. live.com 10,795 users
  7. hotmail.fr 8,681 users
  8. mail.ru 8,333 users
  9. yahoo.com.br 6,168 users
  10. libero.it 5,507 users
  11. yahoo.fr 4,730 users
  12. free.fr 4,607 users
  13. gmx.de 4,557 users
  14. hotmail.es 4,336 users
  15. web.de 4,107 users
  16. ymail.com 3,508 users
  17. live.fr 3,431 users
  18. orange.fr 3,406 users
  19. hotmail.it 3,375 users
  20. msn.com 2,716 users
  21. mail.com 2,675 users
  22. t-online.de 2,525 users
  23. aol.com 2,491 users
  24. protonmail.com 1,987 users
  25. laposte.net 1,935 users

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. RedLine 73,901 machines
  2. Lumma 12,932 machines
  3. Mystic 11,022 machines
  4. Generic Stealer 9,335 machines
  5. StealC 6,131 machines
  6. Raccoon 35 machines
  7. Atomic 4 machines

Anti-virus Coverage

  1. Windows Defender 77,548 machines
  2. Avast Antivirus 2,812 machines
  3. 360 Total Security 2,407 machines
  4. Reason Cybersecurity 2,059 machines
  5. McAfee Firewall 1,514 machines
  6. McAfee VirusScan 1,183 machines
  7. AVG Antivirus 806 machines
  8. ESET Security 619 machines
  9. Kaspersky Internet Security 534 machines
  10. Norton Security 422 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 142,177 hits
  2. sso 43,809 hits
  3. zoom 13,736 hits
  4. adfs 11,204 hits
  5. webmail 6,671 hits
  6. github 6,444 hits
  7. oracle 2,772 hits
  8. owa 2,313 hits
  9. sap 2,309 hits
  10. zendesk 1,877 hits
  11. cpanel 1,674 hits
  12. vpn 1,621 hits
  13. sts 1,458 hits
  14. ping 1,216 hits
  15. extranet 1,123 hits
  16. kaspersky 1,088 hits
  17. webex 977 hits
  18. roundcube 891 hits
  19. st 819 hits
  20. ftp 773 hits
  21. gitlab 431 hits
  22. salesforce 422 hits
  23. zimbra 372 hits
  24. okta 328 hits
  25. twilio 300 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
