Infostealers Weekly Report: 2024-01-29 – 2024-02-05
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 Brazil 1,285
- #2 Turkey 925
- #3 Pakistan 832
- #4 Mexico 762
- #5 Argentina 726
- #6 Egypt 704
- #7 Vietnam 654
- #8 Colombia 639
- #9 Philippines 616
- #10 Peru 615
- #11 India 536
- #12 Bangladesh 517
- #13 Thailand 457
- #14 Indonesia 416
- #15 Chile 378
- #16 Algeria 341
- #17 Ecuador 293
- #18 Spain 289
- #19 Malaysia 272
- #20 Venezuela 248
- #21 Saudi Arabia 234
- #22 Morocco 221
- #23 Iraq 195
- #24 Sri Lanka 188
- #25 Bolivia 182
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 28,097 users
- #2 facebook.com 26,686 users
- #3 live.com 25,201 users
- #4 com.facebook.katana 14,777 users
- #5 instagram.com 13,130 users
- #6 discord.com 12,269 users
- #7 netflix.com 12,255 users
- #8 roblox.com 10,876 users
- #9 amazon.com 9,977 users
- #10 steampowered.com 9,859 users
- #11 com.netflix.mediaclient 9,713 users
- #12 com.instagram.android 9,392 users
- #13 twitter.com 9,162 users
- #14 microsoftonline.com 7,817 users
- #15 mega.nz 7,777 users
- #16 paypal.com 7,416 users
- #17 com.roblox.client 6,946 users
- #18 riotgames.com 6,570 users
- #19 twitch.tv 6,553 users
- #20 linkedin.com 6,548 users
- #21 spotify.com 6,458 users
- #22 apple.com 6,218 users
- #23 epicgames.com 6,194 users
- #24 com.discord 6,191 users
- #25 zoom.us 5,598 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 hostinger.com 131 employees
- #2 secop.gov.co 87 employees
- #3 buenosaires.gob.ar 79 employees
- #4 laureate.net 76 employees
- #5 rediff.com 68 employees
- #6 yandex.com.tr 66 employees
- #7 sempreser.com.br 63 employees
- #8 utpl.edu.ec 61 employees
- #9 icicibank.com 60 employees
- #10 freemail.hu 59 employees
- #11 login.sp.gov.br 55 employees
- #12 wp.pl 52 employees
- #13 bcb.gov.br 51 employees
- #14 abv.bg 50 employees
- #15 utp.edu.pe 50 employees
- #16 britanico.edu.pe 50 employees
- #17 jwpub.org 49 employees
- #18 inacap.cl 48 employees
- #19 banquemisr.com 46 employees
- #20 watchit.com 46 employees
- #21 aiep.cl 46 employees
- #22 rockwellautomation.com 45 employees
- #23 hostgator.com 45 employees
- #24 sts.net.pk 42 employees
- #25 netpnb.com 41 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 rockwellautomation.com 45 employees
- #2 microsoft.com 19 employees
- #3 netflix.com 7 employees
- #4 jpmorganchase.com 6 employees
- #5 hp.com 6 employees
- #6 xerox.com 6 employees
- #7 ibm.com 6 employees
- #8 ecolab.com 5 employees
- #9 ford.com 5 employees
- #10 honeywell.com 4 employees
- #11 ebay.com 4 employees
- #12 mosaicco.com 4 employees
- #13 ryder.com 4 employees
- #14 ncr.com 3 employees
- #15 pepsico.com 3 employees
- #16 halliburton.com 3 employees
- #17 cisco.com 1 employee
- #18 gm.com 1 employee
Compromised users
- #1 google.com 28,097 users
- #2 facebook.com 26,686 users
- #3 netflix.com 12,255 users
- #4 amazon.com 9,977 users
- #5 paypal.com 7,416 users
- #6 apple.com 6,218 users
- #7 ebay.com 1,374 users
- #8 microsoft.com 1,233 users
- #9 oracle.com 1,049 users
- #10 hp.com 1,041 users
- #11 cisco.com 804 users
- #12 nike.com 696 users
- #13 ibm.com 278 users
- #14 walmart.com 266 users
- #15 intel.com 234 users
- #16 westernunion.com 214 users
- #17 ups.com 213 users
- #18 bestbuy.com 135 users
- #19 fedex.com 128 users
- #20 salesforce.com 98 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
- (app name missing) 14,777 users
- Netflix 9,713 users
- (app name missing) 9,392 users
- Roblox 6,946 users
- Discord 6,191 users
- Twitch 5,115 users
- Spotify 5,033 users
- (app name missing) 3,964 users
- Snapchat 3,800 users
- Mercadolibre 2,820 users
- Disney 2,799 users
- PayPal 2,564 users
- Mega 2,536 users
- Zoom 2,383 users
- Wish 2,354 users
- (app name missing) 2,149 users
- (app name missing) 1,833 users
- Waze 1,775 users
- Xiaomi 1,568 users
- Alibaba 1,491 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
- #1 gmail.com 1,067,686 users
- #2 hotmail.com 170,927 users
- #3 yahoo.com 61,153 users
- #4 outlook.com 31,125 users
- #5 icloud.com 6,580 users
- #6 mail.ru 5,108 users
- #7 live.com 4,757 users
- #8 hotmail.es 4,266 users
- #9 yahoo.com.br 4,095 users
- #10 yahoo.com.ar 2,883 users
- #11 msn.com 2,757 users
- #12 yahoo.fr 1,983 users
- #13 web.de 1,938 users
- #14 gmx.de 1,875 users
- #15 mail.com 1,819 users
- #16 ymail.com 1,738 users
- #17 hotmail.fr 1,413 users
- #18 telenet.be 1,365 users
- #19 virgilio.it 1,311 users
- #20 yahoo.co.id 1,299 users
- #21 live.fr 1,141 users
- #22 rambler.ru 1,000 users
- #23 hotmail.com.ar 992 users
- #24 yandex.com 967 users
- #25 hotmail.it 878 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 RedLine 33,569 machines
- #2 Lumma 8,393 machines
- #3 Generic Stealer 5 machines
Anti-virus Coverage
- #1 Windows Defender 31,397 machines
- #2 360 Total Security 1,156 machines
- #3 Avast Antivirus 1,035 machines
- #4 Reason Cybersecurity 901 machines
- #5 McAfee Firewall 551 machines
- #6 McAfee VirusScan 431 machines
- #7 McAfee 392 machines
- #8 ESET Security 312 machines
- #9 Kaspersky 266 machines
- #10 Kaspersky Internet Security 228 machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 110,440 hits
- #2 sso 33,549 hits
- #3 zoom 13,385 hits
- #4 github 4,742 hits
- #5 webmail 4,501 hits
- #6 adfs 3,438 hits
- #7 oracle 2,551 hits
- #8 sap 1,757 hits
- #9 owa 1,591 hits
- #10 zendesk 1,567 hits
- #11 extranet 1,216 hits
- #12 ping 1,042 hits
- #13 vpn 1,023 hits
- #14 roundcube 1,015 hits
- #15 cpanel 1,001 hits
- #16 kaspersky 979 hits
- #17 sts 869 hits
- #18 webex 672 hits
- #19 ftp 579 hits
- #20 st 574 hits
- #21 okta 395 hits
- #22 gitlab 214 hits
- #23 twilio 202 hits
- #24 salesforce 199 hits
- #25 sharepoint 179 hits
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.