Weekly intelligence, Nov 6 – Nov 13, 2023

Infostealers Weekly Report: 2023-11-06 – 2023-11-13

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

71,021 Compromised Machines
7,867 Compromised Employees
42,282 Compromised Users
20,872 Compromised Androids
141,965 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Top 25 of 177
Infections by country

Top 25 countries

  1. Brazil 1,946
  2. Turkey 1,890
  3. Mexico 1,368
  4. Thailand 963
  5. Colombia 925
  6. Philippines 867
  7. Egypt 850
  8. Pakistan 843
  9. Peru 785
  10. Algeria 636
  11. Vietnam 557
  12. Morocco 521
  13. Bangladesh 512
  14. Spain 500
  15. Chile 497
  16. Argentina 448
  17. Malaysia 412
  18. Ecuador 410
  19. Sri Lanka 338
  20. Iraq 317
  21. Dominican Republic 306
  22. Bolivia 300
  23. Venezuela 281
  24. Poland 251
  25. Nigeria 250

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 26,098 users
  2. facebook.com 24,207 users
  3. live.com 22,493 users
  4. instagram.com 11,556 users
  5. com.facebook.katana 11,247 users
  6. netflix.com 11,150 users
  7. discord.com 10,641 users
  8. roblox.com 9,165 users
  9. steampowered.com 8,533 users
  10. amazon.com 8,476 users
  11. twitter.com 8,323 users
  12. com.netflix.mediaclient 7,649 users
  13. com.instagram.android 7,193 users
  14. mega.nz 7,022 users
  15. paypal.com 6,908 users
  16. microsoftonline.com 6,881 users
  17. twitch.tv 6,147 users
  18. riotgames.com 6,097 users
  19. spotify.com 5,950 users
  20. apple.com 5,865 users
  21. linkedin.com 5,617 users
  22. epicgames.com 5,475 users
  23. steamcommunity.com 4,744 users
  24. com.discord 4,665 users
  25. zoom.us 4,648 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. wp.pl 91 employees
  2. 163.com 70 employees
  3. secop.gov.co 70 employees
  4. qq.com 68 employees
  5. freemail.hu 67 employees
  6. hostinger.com 58 employees
  7. login.sp.gov.br 55 employees
  8. alxswe.com 54 employees
  9. utp.edu.pe 52 employees
  10. laureate.net 49 employees
  11. interia.pl 49 employees
  12. banquemisr.com 45 employees
  13. telecom.pt 44 employees
  14. yandex.com.tr 44 employees
  15. abv.bg 43 employees
  16. rockwellautomation.com 42 employees
  17. mail.tm 39 employees
  18. cibertec.edu.pe 38 employees
  19. sts.net.pk 38 employees
  20. jwpub.org 37 employees
  21. aiep.cl 37 employees
  22. o2.pl 36 employees
  23. naver.com 34 employees
  24. ukr.net 33 employees
  25. bcb.gov.br 33 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 42 employees
  2. frontier.com 14 employees
  3. microsoft.com 11 employees
  4. oracle.com 7 employees
  5. lear.com 6 employees
  6. cognizant.com 6 employees
  7. hp.com 5 employees
  8. apple.com 4 employees
  9. jpmorganchase.com 4 employees
  10. ups.com 4 employees
  11. wellcare.com 3 employees
  12. marriott.com 3 employees
  13. cisco.com 3 employees
  14. twc.com 2 employees
  15. abbvie.com 2 employees
  16. gm.com 2 employees
  17. intel.com 2 employees
  18. ibm.com 1 employee
  19. pg.com 1 employee
  20. ford.com 1 employee

Compromised users

  1. google.com 26,098 users
  2. facebook.com 24,207 users
  3. netflix.com 11,150 users
  4. amazon.com 8,476 users
  5. paypal.com 6,908 users
  6. apple.com 5,865 users
  7. ebay.com 1,343 users
  8. microsoft.com 916 users
  9. hp.com 875 users
  10. oracle.com 845 users
  11. cisco.com 834 users
  12. nike.com 707 users
  13. walmart.com 297 users
  14. ibm.com 258 users
  15. intel.com 213 users
  16. ups.com 201 users
  17. westernunion.com 188 users
  18. fedex.com 144 users
  19. salesforce.com 91 users
  20. bestbuy.com 80 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. Facebook (facebook.com · com.facebook.katana) 11,247 users
  2. Netflix (netflix.com · com.netflix.mediaclient) 7,649 users
  3. Instagram (instagram.com · com.instagram.android) 7,193 users
  4. Discord (discord.com · com.discord) 4,665 users
  5. Roblox (roblox.com · com.roblox.client) 4,639 users
  6. Spotify (spotify.com · com.spotify.music) 4,227 users
  7. Twitch (app.com · tv.twitch.android.app) 4,197 users
  8. Twitter (twitter.com · com.twitter.android) 3,261 users
  9. Snapchat (snapchat.com · com.snapchat.android) 2,746 users
  10. Disney (disney.com · com.disney.disneyplus) 2,431 users
  11. Mercadolibre (mercadolibre.com · com.mercadolibre) 2,284 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 1,967 users
  13. Mega (app.com · mega.privacy.android.app) 1,787 users
  14. Wish (contextlogic.com · com.contextlogic.wish) 1,719 users
  15. LinkedIn (linkedin.com · com.linkedin.android) 1,685 users
  16. Zoom (videomeetings.com · us.zoom.videomeetings) 1,645 users
  17. Waze (waze.com · com.waze) 1,534 users
  18. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 1,514 users
  19. Xiaomi (xiaomi.com · com.xiaomi.account) 1,204 users
  20. Pinterest (pinterest.com · com.pinterest) 739 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. gmail.com 909,027 users
  2. hotmail.com 167,077 users
  3. yahoo.com 35,743 users
  4. outlook.com 29,191 users
  5. icloud.com 7,343 users
  6. live.com 4,807 users
  7. mail.ru 4,096 users
  8. hotmail.es 3,760 users
  9. msn.com 3,124 users
  10. hotmail.fr 3,069 users
  11. yahoo.com.br 2,543 users
  12. yahoo.fr 2,304 users
  13. orange.fr 2,013 users
  14. gmx.com 1,892 users
  15. ymail.com 1,336 users
  16. aol.com 1,167 users
  17. web.de 1,111 users
  18. mail.com 1,100 users
  19. gmx.de 1,045 users
  20. libero.it 976 users
  21. hotmail.it 934 users
  22. yahoo.com.ar 905 users
  23. yandex.ru 892 users
  24. yahoo.co.uk 884 users
  25. free.fr 868 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. facebook.com 24,207 accounts
  2. twitter.com 8,323 accounts
  3. instagram.com 11,556 accounts
  4. linkedin.com 5,617 accounts
  5. pinterest.com 1,699 accounts
  6. tiktok.com 1,733 accounts
  7. snapchat.com 1,843 accounts
  8. reddit.com 770 accounts
  9. youtube.com 128 accounts
  10. weibo.com 63 accounts
  11. vk.com 1,352 accounts
  12. telegram.org 199 accounts
  13. tumblr.com 668 accounts
  14. discord.com 10,641 accounts
  15. flickr.com 291 accounts
  16. myspace.com 48 accounts
  17. badoo.com 395 accounts
  18. meetup.com 11 accounts
  19. quora.com 124 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. RedLine 64,390 machines
  2. Generic Stealer 6,628 machines
  3. Lumma 2 machines
  4. StealC 1 machine

Anti-virus Coverage

  1. Windows Defender 58,386 machines
  2. Avast Antivirus 2,216 machines
  3. 360 Total Security 1,623 machines
  4. Reason Cybersecurity 1,540 machines
  5. McAfee Firewall 1,097 machines
  6. McAfee VirusScan 797 machines
  7. AVG Antivirus 624 machines
  8. ESET Security 410 machines
  9. VirusScan de McAfee 396 machines
  10. Kaspersky Internet Security 342 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. auth 101,369 hits
  2. sso 25,892 hits
  3. zoom 9,938 hits
  4. github 3,888 hits
  5. webmail 3,119 hits
  6. adfs 2,946 hits
  7. oracle 1,699 hits
  8. owa 1,690 hits
  9. sap 1,503 hits
  10. zendesk 1,410 hits
  11. vpn 1,014 hits
  12. sts 1,002 hits
  13. ping 1,000 hits
  14. cpanel 808 hits
  15. kaspersky 762 hits
  16. extranet 661 hits
  17. webex 621 hits
  18. st 500 hits
  19. roundcube 491 hits
  20. ftp 443 hits
  21. okta 395 hits
  22. salesforce 241 hits
  23. gitlab 157 hits
  24. twilio 117 hits
  25. sharepoint 112 hits
