Weekly intelligence: Oct 30 – Nov 6, 2023

Infostealers Weekly Report: 2023-10-30 – 2023-11-06

In this report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

95,739 Compromised Machines
11,272 Compromised Employees
53,868 Compromised Users
30,599 Compromised Androids
192,379 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 189 countries by infections

  1. Brazil 3,658
  2. Turkey 2,036
  3. Pakistan 1,616
  4. Mexico 1,583
  5. Thailand 1,451
  6. Egypt 1,237
  7. Philippines 1,234
  8. Colombia 1,213
  9. Peru 1,156
  10. India 894
  11. Algeria 847
  12. Vietnam 830
  13. Bangladesh 808
  14. Argentina 707
  15. Morocco 656
  16. Indonesia 605
  17. Chile 558
  18. Ecuador 551
  19. Spain 531
  20. Sri Lanka 495
  21. Malaysia 477
  22. Venezuela 472
  23. Iraq 416
  24. United States of America 413
  25. Dominican Republic 374

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection. Android package identifiers (com.facebook.katana, com.discord and so on) appear alongside web domains because logins captured from mobile apps are counted in the same list.

Top 25
  1. google.com 38,834 users
  2. facebook.com 35,446 users
  3. live.com 33,306 users
  4. discord.com 16,895 users
  5. instagram.com 16,803 users
  6. com.facebook.katana 16,611 users
  7. netflix.com 16,412 users
  8. roblox.com 14,553 users
  9. steampowered.com 12,866 users
  10. amazon.com 12,449 users
  11. twitter.com 11,924 users
  12. com.netflix.mediaclient 11,524 users
  13. com.instagram.android 10,575 users
  14. paypal.com 10,122 users
  15. microsoftonline.com 9,960 users
  16. mega.nz 9,845 users
  17. twitch.tv 9,484 users
  18. riotgames.com 9,416 users
  19. spotify.com 8,602 users
  20. linkedin.com 8,415 users
  21. epicgames.com 8,233 users
  22. apple.com 8,224 users
  23. steamcommunity.com 7,439 users
  24. com.roblox.client 7,356 users
  25. com.discord 6,997 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. laureate.net 155 employees
  2. wp.pl 149 employees
  3. hostinger.com 134 employees
  4. sempreser.com.br 134 employees
  5. buenosaires.gob.ar 96 employees
  6. secop.gov.co 94 employees
  7. utp.edu.pe 81 employees
  8. tigo.com.co 71 employees
  9. bcb.gov.br 70 employees
  10. sts.net.pk 69 employees
  11. login.sp.gov.br 67 employees
  12. uol.com.br 65 employees
  13. aruba.it 64 employees
  14. yandex.com.tr 63 employees
  15. inacap.cl 62 employees
  16. ionos.com 59 employees
  17. upc.edu.pe 58 employees
  18. aiou.edu.pk 57 employees
  19. telecom.pt 56 employees
  20. rockwellautomation.com 56 employees
  21. qq.com 55 employees
  22. jwpub.org 54 employees
  23. freemail.hu 53 employees
  24. o2.pl 52 employees
  25. secureserver.net 51 employees

Fortune 500 Exposure

Top Fortune 500 / S&P companies hit this week

Fortune 500 and S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 56 employees
  2. microsoft.com 24 employees
  3. ups.com 13 employees
  4. amazon.com 9 employees
  5. manpowergroup.com 6 employees
  6. att.com 6 employees
  7. goodyear.com 5 employees
  8. visteon.com 5 employees
  9. ibm.com 4 employees
  10. tenneco.com 4 employees
  11. jpmorganchase.com 2 employees
  12. csc.com 2 employees
  13. emc.com 1 employee
  14. frontier.com 1 employee
  15. netflix.com 1 employee
  16. publix.com 1 employee
  17. cablevision.com 1 employee

Compromised users

  1. google.com 38,834 users
  2. facebook.com 35,446 users
  3. netflix.com 16,412 users
  4. amazon.com 12,449 users
  5. paypal.com 10,122 users
  6. apple.com 8,224 users
  7. ebay.com 1,900 users
  8. microsoft.com 1,489 users
  9. oracle.com 1,211 users
  10. hp.com 1,167 users
  11. cisco.com 1,076 users
  12. nike.com 1,040 users
  13. ibm.com 405 users
  14. walmart.com 351 users
  15. ups.com 333 users
  16. westernunion.com 273 users
  17. intel.com 219 users
  18. fedex.com 199 users
  19. bestbuy.com 171 users
  20. salesforce.com 127 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20 (app name, web domain · Android package, users)
  1. Facebook (facebook.com · com.facebook.katana) 16,611 users
  2. Netflix (netflix.com · com.netflix.mediaclient) 11,524 users
  3. Instagram (instagram.com · com.instagram.android) 10,575 users
  4. Roblox (roblox.com · com.roblox.client) 7,356 users
  5. Discord (discord.com · com.discord) 6,997 users
  6. Twitch (twitch.tv · tv.twitch.android.app) 6,505 users
  7. Spotify (spotify.com · com.spotify.music) 6,383 users
  8. Twitter (twitter.com · com.twitter.android) 4,590 users
  9. Snapchat (snapchat.com · com.snapchat.android) 4,169 users
  10. Disney (disney.com · com.disney.disneyplus) 3,439 users
  11. Mercadolibre (mercadolibre.com · com.mercadolibre) 3,377 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 3,035 users
  13. Wish (contextlogic.com · com.contextlogic.wish) 2,928 users
  14. Mega (mega.nz · mega.privacy.android.app) 2,732 users
  15. Zoom (zoom.us · us.zoom.videomeetings) 2,454 users
  16. Waze (waze.com · com.waze) 2,234 users
  17. LinkedIn (linkedin.com · com.linkedin.android) 2,129 users
  18. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 2,004 users
  19. Xiaomi (xiaomi.com · com.xiaomi.account) 1,719 users
  20. Pinterest (pinterest.com · com.pinterest) 1,668 users
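Mobile-app entries in stealer logs carry only the Android package name, and the web domain shown next to it has to be derived. Reverse-DNS package names such as com.facebook.katana map cleanly, but tv.twitch.android.app, mega.privacy.android.app and us.zoom.videomeetings do not, and a careless heuristic produces bogus domains such as app.com. The following is an added example, not the report's own code or method, showing a curated table with a guarded reverse-DNS fallback and an explicit "no guess" outcome; KNOWN_PACKAGES, GENERIC and TLDS are assumed starter tables.

```python
"""Mapping Android package names to web domains for stealer-log triage.

Added example; not the report's own code or method. KNOWN_PACKAGES,
GENERIC and TLDS are assumed starter tables; extend them from your data.
"""

# Curated table: the only source that is actually reliable.
KNOWN_PACKAGES = {
    "com.facebook.katana": "facebook.com",
    "com.netflix.mediaclient": "netflix.com",
    "tv.twitch.android.app": "twitch.tv",
    "mega.privacy.android.app": "mega.nz",
    "us.zoom.videomeetings": "zoom.us",
}
# Labels that name a platform or product form, never the vendor.
GENERIC = {"android", "app", "client", "mobile", "free", "pro", "lite"}
# Assumed subset of TLDs that appear as the leading label of real packages.
TLDS = {"com", "net", "org", "tv", "us", "io", "co", "me", "de", "br", "ru"}


def naive_last_label(pkg):
    """A careless heuristic: take the last label and append .com.
    It turns tv.twitch.android.app into 'app.com' and us.zoom.videomeetings
    into 'videomeetings.com', which is why a derived domain column needs
    review before it is published."""
    return pkg.lower().rsplit(".", 1)[-1] + ".com"


def domain_from_package(pkg, table=KNOWN_PACKAGES):
    """Return (domain, confidence).

    'high' : from the curated table
    'low'  : reverse-DNS guess (tld.vendor.* -> vendor.tld), only when the
             leading label is a real TLD and the second label is not generic
    None   : no defensible guess; review by hand rather than fabricate
    """
    pkg = pkg.lower()
    if pkg in table:
        return table[pkg], "high"
    labels = pkg.split(".")
    if len(labels) >= 2 and labels[0] in TLDS and labels[1] not in GENERIC:
        return f"{labels[1]}.{labels[0]}", "low"
    return None, None


if __name__ == "__main__":
    for pkg in ("com.facebook.katana", "com.instagram.android",
                "tv.twitch.android.app", "mega.privacy.android.app",
                "com.android.chrome"):
        print(f"{pkg:28s} naive={naive_last_label(pkg):20s} "
              f"reviewed={domain_from_package(pkg)}")
```

The point of the None outcome is that mega.privacy.android.app cannot be resolved from its labels at all (the real site is mega.nz), and com.android.chrome would otherwise become "android.com"; both are better left for a human than filled with a plausible-looking string.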

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, Hotmail and the other mail providers seen in this week's stealer logs.

Top 25
  1. gmail.com 1,381,450 users
  2. hotmail.com 234,345 users
  3. yahoo.com 50,528 users
  4. outlook.com 46,348 users
  5. icloud.com 8,340 users
  6. yahoo.com.br 7,944 users
  7. live.com 7,496 users
  8. mail.ru 3,781 users
  9. msn.com 3,340 users
  10. hotmail.fr 3,094 users
  11. yahoo.fr 2,753 users
  12. hotmail.es 2,468 users
  13. live.fr 1,989 users
  14. libero.it 1,874 users
  15. yahoo.com.ar 1,753 users
  16. gmx.com 1,451 users
  17. orange.fr 1,412 users
  18. yahoo.co.uk 1,389 users
  19. gmx.net 1,376 users
  20. yandex.com 1,195 users
  21. ymail.com 1,158 users
  22. mail.com 1,018 users
  23. hotmail.it 1,015 users
  24. yahoo.it 857 users
  25. aol.com 809 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com 35,446 accounts
  2. discord.com 16,895 accounts
  3. instagram.com 16,803 accounts
  4. twitter.com 11,924 accounts
  5. linkedin.com 8,415 accounts
  6. snapchat.com 3,006 accounts
  7. tiktok.com 2,660 accounts
  8. pinterest.com 2,612 accounts
  9. vk.com 2,120 accounts
  10. reddit.com 1,251 accounts
  11. tumblr.com 860 accounts
  12. badoo.com 534 accounts
  13. flickr.com 450 accounts
  14. telegram.org 335 accounts
  15. youtube.com 273 accounts
  16. quora.com 191 accounts
  17. weibo.com 68 accounts
  18. myspace.com 49 accounts
  19. meetup.com 27 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. RedLine 85,860 machines
  2. Generic Stealer 6,480 machines
  3. Lumma 3,399 machines

Anti-virus Coverage

  1. Windows Defender 78,764 machines
  2. Avast Antivirus 2,495 machines
  3. 360 Total Security 2,480 machines
  4. Reason Cybersecurity 2,068 machines
  5. McAfee Firewall 1,531 machines
  6. McAfee VirusScan 1,096 machines
  7. AVG Antivirus 734 machines
  8. ESET Security 640 machines
  9. VirusScan de McAfee (Spanish-locale name of McAfee VirusScan) 499 machines
  10. Kaspersky 431 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords matched against the URLs stored next to saved credentials in this week's logs: auth, sso, vpn and the other strings that log buyers search for to find corporate login portals.

Top 25
  1. auth 148,567 hits
  2. sso 40,072 hits
  3. zoom 14,509 hits
  4. webmail 7,062 hits
  5. github 6,347 hits
  6. adfs 4,201 hits
  7. sap 2,818 hits
  8. oracle 2,536 hits
  9. zendesk 2,295 hits
  10. owa 2,091 hits
  11. vpn 1,721 hits
  12. cpanel 1,484 hits
  13. ping 1,334 hits
  14. webex 1,148 hits
  15. kaspersky 1,148 hits
  16. sts 1,128 hits
  17. extranet 1,075 hits
  18. roundcube 987 hits
  19. ftp 829 hits
  20. okta 595 hits
  21. st 585 hits
  22. twilio 336 hits
  23. salesforce 325 hits
  24. gitlab 276 hits
  25. zimbra 228 hits
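The two employee-facing tables above, "Top Compromised Corporate Domains" (business email domains found in the logs) and "Targeted Application Keywords" (auth, sso, vpn and the rest), are both products of the same triage pass over a stealer's saved-password dump. The following is an added example, not the report's or its vendor's code, that runs that pass over a constructed sample: it parses URL/user/password lines, splits employee credentials from consumer ones by email domain, counts distinct users per service, and counts keyword hits in hostnames. The log layout, host names and credentials are constructed; KEYWORDS is a subset of the table above and FREEMAIL is an assumed provider list.

```python
"""Triage of infostealer credential logs: split employee credentials from
consumer ones and count the application keywords attackers search for.

Added example, not code from the report or its vendor. The log layout,
host names and credential values below are constructed for this example;
real stealer dumps differ by family. KEYWORDS is a subset of the report's
table; FREEMAIL is an assumed list of consumer mail providers.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: one credential per line as "URL<TAB>USER<TAB>PASSWORD".
SAMPLE_LOG = """\
https://adfs.example-corp.com/adfs/ls/\talice@example-corp.com\tWinter2023!
https://sso.example-corp.com/login\talice@example-corp.com\tWinter2023!
https://sso.example-corp.com/login\tbob@example-corp.com\tPassw0rd
https://vpn.example-corp.com/remote/login\tbob@example-corp.com\tPassw0rd
https://owa.example-corp.com/owa/auth/logon.aspx\tbob@example-corp.com\tPassw0rd
https://auth.example-corp.com/oauth2/authorize\talice@example-corp.com\tWinter2023!
https://auth.example-corp.com/oauth2/authorize\talice@example-corp.com\tWinter2023!
https://accounts.google.com/signin\tcarol@gmail.com\thunter2
https://www.facebook.com/login\tcarol@gmail.com\thunter2
https://login.microsoftonline.com/\tdave@hotmail.com\tqwerty
not a credential line
"""

# Subset of the report's keyword table.
KEYWORDS = ("auth", "sso", "zoom", "webmail", "github", "adfs", "sap",
            "oracle", "zendesk", "owa", "vpn", "cpanel", "ping", "webex",
            "okta", "extranet", "roundcube", "ftp", "gitlab", "zimbra")

# Assumed consumer providers; any other email domain is treated as a business.
FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com",
            "icloud.com", "live.com", "mail.ru", "aol.com"}


def parse_log(text):
    """Yield (hostname, email_domain, username) for each well-formed line.
    Malformed lines are skipped rather than raising; stealer dumps are noisy."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        url, user, _password = parts
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            continue
        user = user.strip().lower()
        email_domain = user.rsplit("@", 1)[1] if "@" in user else None
        yield host, email_domain, user


def registrable_domain(host):
    """Approximate the service with the last two labels. Assumption: fine for
    the sample; real data needs a public-suffix list or co.uk-style hosts
    collapse into one bucket."""
    return ".".join(host.split(".")[-2:])


def keyword_hits(text):
    """Count credential entries whose hostname has a label equal to, or
    starting with, a keyword (auth., sso-, vpn2, ...). Matching is limited to
    hostname labels so paths such as /owa/auth/ do not inflate the counts."""
    hits = Counter()
    for host, _, _ in parse_log(text):
        labels = host.split(".")
        for kw in KEYWORDS:
            if any(label == kw or label.startswith(kw) for label in labels):
                hits[kw] += 1
    return hits


def employee_credentials(text):
    """Map each business email domain to its distinct compromised users.
    Freemail addresses are consumers, not employees, and are skipped."""
    by_domain = {}
    for _, email_domain, user in parse_log(text):
        if not email_domain or email_domain in FREEMAIL:
            continue
        by_domain.setdefault(email_domain, set()).add(user)
    return {d: sorted(users) for d, users in by_domain.items()}


def service_user_counts(text):
    """Distinct users per service, the report's 'compromised users' metric."""
    users = {}
    for host, _, user in parse_log(text):
        users.setdefault(registrable_domain(host), set()).add(user)
    return {svc: len(u) for svc, u in users.items()}


if __name__ == "__main__":
    for kw, n in keyword_hits(SAMPLE_LOG).most_common():
        print(f"{kw:10s} {n} hits")
    for domain, users in employee_credentials(SAMPLE_LOG).items():
        print(f"{domain}: {len(users)} employees -> {', '.join(users)}")
    print(service_user_counts(SAMPLE_LOG))
```

Two design choices matter when this runs on real dumps. Keyword hits count entries, not users, because the same credential often appears several times in one log and each copy is a separate line a buyer will find; employee and user counts are deduplicated instead, which is what makes "hits" and "users" in the tables above incomparable. Prefix matching is deliberately loose (it is what a grep does), so short keywords such as the report's "st" will catch steam, stripe and the like; treat those rows as noise rather than signal.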

Cavalier: continuous monitoring

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.