Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Dec 11 – Dec 18, 2023 12 min read

Infostealers Weekly Report: 2023-12-11 – 2023-12-18

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 75,628 Compromised Machines
#2 8,913 Compromised Employees
#3 42,330 Compromised Users
#4 24,385 Compromised Androids
#5 149,526 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 177
Infections by country

Top 25 countries

  1. #1 Turkey 2,162
  2. #2 Pakistan 1,584
  3. #3 Brazil 1,582
  4. #4 Mexico 1,254
  5. #5 Argentina 934
  6. #6 Colombia 888
  7. #7 Philippines 883
  8. #8 Egypt 870
  9. #9 Peru 864
  10. #10 Bangladesh 747
  11. #11 Thailand 645
  12. #12 Chile 573
  13. #13 Spain 556
  14. #14 Algeria 536
  15. #15 Vietnam 492
  16. #16 Morocco 480
  17. #17 Ecuador 459
  18. #18 Venezuela 421
  19. #19 Malaysia 360
  20. #20 Sri Lanka 333
  21. #21 Germany 301
  22. #22 United States of America 295
  23. #23 Bolivia 289
  24. #24 Iraq 288
  25. #25 Saudi Arabia 284

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 29,721 users
  2. #2 facebook.com 27,463 users
  3. #3 live.com 26,439 users
  4. #4 com.facebook.katana 12,968 users
  5. #5 instagram.com 12,944 users
  6. #6 netflix.com 12,776 users
  7. #7 discord.com 11,737 users
  8. #8 roblox.com 10,328 users
  9. #9 amazon.com 9,632 users
  10. #10 twitter.com 9,492 users
  11. #11 steampowered.com 9,258 users
  12. #12 com.netflix.mediaclient 8,974 users
  13. #13 com.instagram.android 8,465 users
  14. #14 mega.nz 7,950 users
  15. #15 microsoftonline.com 7,829 users
  16. #16 paypal.com 7,708 users
  17. #17 linkedin.com 6,667 users
  18. #18 apple.com 6,546 users
  19. #19 spotify.com 6,544 users
  20. #20 twitch.tv 6,538 users
  21. #21 epicgames.com 6,017 users
  22. #22 riotgames.com 6,013 users
  23. #23 com.roblox.client 5,377 users
  24. #24 com.discord 5,084 users
  25. #25 zoom.us 4,977 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 laureate.net 100 employees
  2. #2 wp.pl 98 employees
  3. #3 secop.gov.co 76 employees
  4. #4 buenosaires.gob.ar 75 employees
  5. #5 utp.edu.pe 74 employees
  6. #6 rockwellautomation.com 70 employees
  7. #7 hostinger.com 61 employees
  8. #8 inacap.cl 59 employees
  9. #9 yandex.com.tr 58 employees
  10. #10 upc.edu.pe 54 employees
  11. #11 jwpub.org 53 employees
  12. #12 upn.edu.pe 53 employees
  13. #13 bluehost.com 52 employees
  14. #14 secureserver.net 48 employees
  15. #15 banquemisr.com 48 employees
  16. #16 tigo.com.co 46 employees
  17. #17 sts.net.pk 46 employees
  18. #18 ovh.net 45 employees
  19. #19 aiou.edu.pk 44 employees
  20. #20 aiep.cl 43 employees
  21. #21 ig.com.br 42 employees
  22. #22 163.com 41 employees
  23. #23 microsoft.com 39 employees
  24. #24 bcb.gov.br 39 employees
  25. #25 mail.tm 38 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 rockwellautomation.com 70 employees
  2. #2 microsoft.com 39 employees
  3. #3 abbott.com 22 employees
  4. #4 netflix.com 12 employees
  5. #5 amazon.com 12 employees
  6. #6 cognizant.com 6 employees
  7. #7 facebook.com 6 employees
  8. #8 cummins.com 6 employees
  9. #9 ups.com 5 employees
  10. #10 hp.com 5 employees
  11. #11 att.com 3 employees
  12. #12 publix.com 3 employees
  13. #13 pg.com 2 employees
  14. #14 emc.com 2 employees
  15. #15 autonation.com 1 employees
  16. #16 ebay.com 1 employees
  17. #17 halliburton.com 1 employees

Compromised users

  1. #1 google.com 29,721 users
  2. #2 facebook.com 27,463 users
  3. #3 netflix.com 12,776 users
  4. #4 amazon.com 9,632 users
  5. #5 paypal.com 7,708 users
  6. #6 apple.com 6,546 users
  7. #7 ebay.com 1,570 users
  8. #8 microsoft.com 1,095 users
  9. #9 oracle.com 999 users
  10. #10 cisco.com 899 users
  11. #11 hp.com 894 users
  12. #12 nike.com 652 users
  13. #13 walmart.com 367 users
  14. #14 westernunion.com 333 users
  15. #15 ibm.com 323 users
  16. #16 ups.com 240 users
  17. #17 intel.com 189 users
  18. #18 fedex.com 143 users
  19. #19 adp.com 137 users
  20. #20 westerndigital.com 98 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
#1

Facebook

facebook.com · com.facebook.katana

12,968 users

#2

Netflix

netflix.com · com.netflix.mediaclient

8,974 users

#3

Instagram

instagram.com · com.instagram.android

8,465 users

#4

Roblox

roblox.com · com.roblox.client

5,377 users

#5

Discord

discord.com · com.discord

5,084 users

#6

Spotify

spotify.com · com.spotify.music

4,881 users

#7

Twitch

app.com · tv.twitch.android.app

4,693 users

#8

Twitter

twitter.com · com.twitter.android

3,625 users

#9

Snapchat

snapchat.com · com.snapchat.android

3,507 users

#10

Disney

disney.com · com.disney.disneyplus

2,784 users

#11

Mercadolibre

mercadolibre.com · com.mercadolibre

2,437 users

#12

PayPal

paypal.com · com.paypal.android.p2pmobile

2,366 users

#13

Wish

contextlogic.com · com.contextlogic.wish

2,299 users

#14

LinkedIn

linkedin.com · com.linkedin.android

1,984 users

#15

Mega

app.com · mega.privacy.android.app

1,976 users

#16

Zoom

videomeetings.com · us.zoom.videomeetings

1,887 users

#17

Waze

waze.com · com.waze

1,696 users

#18

Xiaomi

xiaomi.com · com.xiaomi.account

1,536 users

#19

Pinterest

pinterest.com · com.pinterest

1,533 users

#20

Alibaba

alibaba.com · com.alibaba.aliexpresshd

1,469 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. #1 gmail.com 1,011,116 users
  2. #2 hotmail.com 199,268 users
  3. #3 yahoo.com 46,067 users
  4. #4 outlook.com 36,192 users
  5. #5 live.com 7,293 users
  6. #6 icloud.com 6,184 users
  7. #7 yahoo.com.br 4,065 users
  8. #8 yahoo.fr 3,822 users
  9. #9 hotmail.es 3,792 users
  10. #10 msn.com 3,272 users
  11. #11 web.de 2,515 users
  12. #12 yahoo.com.ar 1,777 users
  13. #13 mail.ru 1,431 users
  14. #14 hotmail.fr 1,423 users
  15. #15 hotmail.com.ar 1,385 users
  16. #16 googlemail.com 1,247 users
  17. #17 libero.it 1,187 users
  18. #18 mail.com 1,145 users
  19. #19 alice.it 1,069 users
  20. #20 yandex.com 1,043 users
  21. #21 orange.fr 977 users
  22. #22 free.fr 964 users
  23. #23 yahoo.de 958 users
  24. #24 inbox.ru 939 users
  25. #25 hotmail.it 938 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. #1 facebook.com 27,463 accounts
  2. #2 twitter.com 9,492 accounts
  3. #3 instagram.com 12,944 accounts
  4. #4 linkedin.com 6,667 accounts
  5. #5 pinterest.com 2,214 accounts
  6. #6 tiktok.com 1,974 accounts
  7. #7 snapchat.com 2,285 accounts
  8. #8 reddit.com 878 accounts
  9. #9 youtube.com 151 accounts
  10. #10 weibo.com 35 accounts
  11. #11 vk.com 1,468 accounts
  12. #12 telegram.org 216 accounts
  13. #13 tumblr.com 689 accounts
  14. #14 discord.com 11,737 accounts
  15. #15 flickr.com 295 accounts
  16. #16 myspace.com 58 accounts
  17. #17 badoo.com 432 accounts
  18. #18 meetup.com 31 accounts
  19. #19 quora.com 65 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. #1 RedLine 67,088machines
  2. #2 Generic Stealer 8,527machines
  3. #3 Lumma 13machines

Anti-virus Coverage

  1. #1 Windows Defender 60,678machines
  2. #2 Avast Antivirus 1,906machines
  3. #3 Reason Cybersecurity 1,736machines
  4. #4 360 Total Security 1,473machines
  5. #5 McAfee Firewall 900machines
  6. #6 ESET Security 642machines
  7. #7 McAfee VirusScan 576machines
  8. #8 AVG Antivirus 490machines
  9. #9 McAfee 464machines
  10. #10 Kaspersky Internet Security 364machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 105,054hits
  2. #2 sso 25,255hits
  3. #3 zoom 10,725hits
  4. #4 github 4,970hits
  5. #5 webmail 4,842hits
  6. #6 adfs 2,773hits
  7. #7 sap 2,107hits
  8. #8 oracle 2,101hits
  9. #9 owa 1,824hits
  10. #10 zendesk 1,683hits
  11. #11 vpn 1,356hits
  12. #12 ping 1,112hits
  13. #13 cpanel 973hits
  14. #14 kaspersky 932hits
  15. #15 webex 925hits
  16. #16 sts 849hits
  17. #17 extranet 696hits
  18. #18 roundcube 669hits
  19. #19 ftp 585hits
  20. #20 st 522hits
  21. #21 okta 418hits
  22. #22 imap 228hits
  23. #23 twilio 225hits
  24. #24 gitlab 197hits
  25. #25 sharepoint 156hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

  • 25K machines
  • 2K users
  • 319K domains
View report →
May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

  • 16K machines
  • 4K users
  • 200K domains
View report →
Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

  • 14K machines
  • 4K users
  • 186K domains
View report →
Free Tools Check your exposure