Infostealers Weekly Report: 2024-03-18 – 2024-03-25
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 Pakistan 1,235
- #2 Turkey 1,109
- #3 India 966
- #4 Egypt 904
- #5 Brazil 729
- #6 Philippines 564
- #7 Indonesia 551
- #8 Algeria 550
- #9 Argentina 542
- #10 Bangladesh 444
- #11 Mexico 399
- #12 Vietnam 378
- #13 Venezuela 363
- #14 Colombia 360
- #15 Peru 349
- #16 Saudi Arabia 299
- #17 Thailand 280
- #18 Morocco 275
- #19 Iraq 238
- #20 Spain 232
- #21 United States of America 220
- #22 Chile 206
- #23 Poland 195
- #24 Ecuador 191
- #25 Bolivia 184
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 20,382 users
- #2 facebook.com 18,299 users
- #3 live.com 16,729 users
- #4 instagram.com 9,284 users
- #5 com.facebook.katana 9,144 users
- #6 netflix.com 7,634 users
- #7 discord.com 7,623 users
- #8 roblox.com 6,391 users
- #9 amazon.com 6,018 users
- #10 twitter.com 5,963 users
- #11 com.instagram.android 5,909 users
- #12 steampowered.com 5,824 users
- #13 com.netflix.mediaclient 5,686 users
- #14 microsoftonline.com 5,061 users
- #15 paypal.com 4,899 users
- #16 mega.nz 4,779 users
- #17 192.168.1.1 4,714 users
- #18 linkedin.com 4,473 users
- #19 apple.com 4,422 users
- #20 spotify.com 4,010 users
- #21 twitch.tv 3,888 users
- #22 com.roblox.client 3,833 users
- #23 riotgames.com 3,747 users
- #24 epicgames.com 3,720 users
- #25 yahoo.com 3,497 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 wp.pl 81 employees
- #2 hostinger.com 79 employees
- #3 icicibank.com 75 employees
- #4 rediff.com 69 employees
- #5 aruba.it 66 employees
- #6 secureserver.net 44 employees
- #7 laureate.net 38 employees
- #8 abv.bg 37 employees
- #9 watchit.com 37 employees
- #10 interia.pl 37 employees
- #11 secop.gov.co 35 employees
- #12 yandex.com.tr 35 employees
- #13 pec.it 35 employees
- #14 o2.pl 34 employees
- #15 naver.com 33 employees
- #16 inacap.cl 33 employees
- #17 firstmail.ltd 33 employees
- #18 buenosaires.gob.ar 29 employees
- #19 deped.gov.ph 29 employees
- #20 banquemisr.com 28 employees
- #21 ovh.net 28 employees
- #22 nauta.cu 27 employees
- #23 tim.it 27 employees
- #24 bobibanking.com 26 employees
- #25 skole.hr 25 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 microsoft.com 22 employees
- #2 rockwellautomation.com 22 employees
- #3 conocophillips.com 7 employees
- #4 netflix.com 6 employees
- #5 facebook.com 5 employees
- #6 hp.com 5 employees
- #7 apple.com 4 employees
- #8 oracle.com 2 employees
- #9 honeywell.com 2 employees
- #10 cbre.com 2 employees
- #11 lear.com 2 employees
- #12 xerox.com 1 employee
- #13 marriott.com 1 employee
- #14 att.com 1 employee
- #15 cognizant.com 1 employee
- #16 ibm.com 1 employee
- #17 dollartree.com 1 employee
- #18 gs.com 1 employee
Compromised users
- #1 google.com 20,382 users
- #2 facebook.com 18,299 users
- #3 netflix.com 7,634 users
- #4 amazon.com 6,018 users
- #5 paypal.com 4,899 users
- #6 apple.com 4,422 users
- #7 ebay.com 1,016 users
- #8 microsoft.com 772 users
- #9 hp.com 769 users
- #10 cisco.com 651 users
- #11 oracle.com 648 users
- #12 nike.com 423 users
- #13 ibm.com 239 users
- #14 walmart.com 217 users
- #15 ups.com 177 users
- #16 westernunion.com 174 users
- #17 intel.com 105 users
- #18 salesforce.com 90 users
- #19 fedex.com 85 users
- #20 westerndigital.com 78 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
- 9,144 users
- 5,909 users
- Netflix 5,686 users
- Roblox 3,833 users
- Discord 3,426 users
- Spotify 3,081 users
- Twitch 2,593 users
- Snapchat 2,561 users
- 2,463 users
- 2,293 users
- Wish 1,521 users
- Zoom 1,482 users
- PayPal 1,426 users
- Disney 1,410 users
- Mega 1,319 users
- 1,235 users
- Mercadolibre 1,078 users
- Xiaomi 1,041 users
- Alibaba 865 users
- Waze 787 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
- #1 gmail.com 754,404 users
- #2 hotmail.com 97,422 users
- #3 yahoo.com 33,308 users
- #4 outlook.com 20,164 users
- #5 icloud.com 5,822 users
- #6 yahoo.com.br 2,939 users
- #7 hotmail.fr 2,750 users
- #8 mail.ru 2,062 users
- #9 yahoo.fr 2,030 users
- #10 live.com 1,863 users
- #11 hotmail.es 1,663 users
- #12 yandex.com 1,444 users
- #13 msn.com 1,439 users
- #14 free.fr 1,278 users
- #15 libero.it 1,255 users
- #16 yahoo.co.jp 1,175 users
- #17 googlemail.com 859 users
- #18 alice.it 848 users
- #19 rambler.ru 842 users
- #20 ymail.com 818 users
- #21 live.fr 800 users
- #22 yahoo.com.ar 799 users
- #23 orange.fr 772 users
- #24 rocketmail.com 731 users
- #25 yahoo.co.id 729 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 RedLine 16,511 machines
- #2 Generic Stealer 12,838 machines
- #3 Lumma 1,276 machines
- #4 Redline 1 machine
Anti-virus Coverage
- #1 Windows Defender 15,604 machines
- #2 Avast Antivirus 625 machines
- #3 360 Total Security 614 machines
- #4 Reason Cybersecurity 433 machines
- #5 McAfee Firewall 234 machines
- #6 McAfee VirusScan 191 machines
- #7 McAfee 168 machines
- #8 ESET Security 160 machines
- #9 AVG Antivirus 152 machines
- #10 Kaspersky 141 machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 72,100 hits
- #2 sso 19,033 hits
- #3 zoom 5,647 hits
- #4 webmail 4,248 hits
- #5 github 3,741 hits
- #6 adfs 2,213 hits
- #7 oracle 1,517 hits
- #8 owa 1,494 hits
- #9 sap 1,244 hits
- #10 sts 1,203 hits
- #11 ping 1,160 hits
- #12 zendesk 1,085 hits
- #13 imap 1,079 hits
- #14 extranet 916 hits
- #15 vpn 777 hits
- #16 cpanel 751 hits
- #17 kaspersky 751 hits
- #18 roundcube 671 hits
- #19 webex 503 hits
- #20 ftp 462 hits
- #21 st 451 hits
- #22 salesforce 287 hits
- #23 okta 244 hits
- #24 zimbra 221 hits
- #25 git 176 hits
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.