Weekly intelligence, Apr 22 – Apr 29, 2024

Infostealers Weekly Report: 2024-04-22 – 2024-04-29

InfoStealers Weekly Report - In this report we provide insight into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. We analyze the top compromised domains, identify trends among compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealer statistics.

Weekly totals:

  - 95,444 Compromised Machines
  - 22,355 Compromised Employees
  - 20,471 Compromised Users
  - 52,618 Compromised Androids
  - 310,812 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country, top 25 of 193

  1. #1 Brazil 4,237
  2. #2 India 3,518
  3. #3 Turkey 3,212
  4. #4 Indonesia 3,041
  5. #5 Egypt 2,305
  6. #6 Thailand 2,043
  7. #7 Mexico 2,032
  8. #8 Pakistan 1,857
  9. #9 Argentina 1,742
  10. #10 Vietnam 1,525
  11. #11 Peru 1,437
  12. #12 Philippines 1,434
  13. #13 United States of America 1,421
  14. #14 Colombia 1,372
  15. #15 Spain 1,312
  16. #16 Italy 1,113
  17. #17 Germany 1,003
  18. #18 Algeria 964
  19. #19 Taiwan 942
  20. #20 Bangladesh 905
  21. #21 Poland 895
  22. #22 France 882
  23. #23 Chile 879
  24. #24 United Kingdom 696
  25. #25 Morocco 668

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 63,117 users
  2. #2 facebook.com 55,846 users
  3. #3 live.com 53,905 users
  4. #4 instagram.com 31,431 users
  5. #5 discord.com 29,735 users
  6. #6 com.facebook.katana 28,007 users
  7. #7 netflix.com 27,821 users
  8. #8 steampowered.com 23,290 users
  9. #9 amazon.com 23,263 users
  10. #10 roblox.com 22,963 users
  11. #11 twitter.com 22,421 users
  12. #12 com.instagram.android 20,286 users
  13. #13 paypal.com 19,447 users
  14. #14 com.netflix.mediaclient 19,056 users
  15. #15 twitch.tv 17,636 users
  16. #16 microsoftonline.com 17,405 users
  17. #17 apple.com 16,788 users
  18. #18 spotify.com 16,736 users
  19. #19 riotgames.com 16,573 users
  20. #20 epicgames.com 16,095 users
  21. #21 mega.nz 14,834 users
  22. #22 linkedin.com 14,607 users
  23. #23 192.168.1.1 14,263 users
  24. #24 steamcommunity.com 14,041 users
  25. #25 com.discord 13,641 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 hostinger.com 304 employees
  2. #2 aruba.it 255 employees
  3. #3 icicibank.com 254 employees
  4. #4 wp.pl 235 employees
  5. #5 163.com 203 employees
  6. #6 rediff.com 194 employees
  7. #7 firstmail.ltd 172 employees
  8. #8 watchit.com 172 employees
  9. #9 secop.gov.co 159 employees
  10. #10 tim.it 154 employees
  11. #11 banquemisr.com 148 employees
  12. #12 qq.com 147 employees
  13. #13 laureate.net 142 employees
  14. #14 buenosaires.gob.ar 140 employees
  15. #15 pec.it 139 employees
  16. #16 mail.tm 130 employees
  17. #17 abv.bg 107 employees
  18. #18 utp.edu.pe 104 employees
  19. #19 onet.pl 103 employees
  20. #20 bobibanking.com 100 employees
  21. #21 yandex.com.tr 100 employees
  22. #22 secureserver.net 99 employees
  23. #23 hinet.net 98 employees
  24. #24 o2.pl 96 employees
  25. #25 netpnb.com 95 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 microsoft.com 79 employees
  2. #2 rockwellautomation.com 56 employees
  3. #3 cognizant.com 14 employees
  4. #4 ibm.com 13 employees
  5. #5 hp.com 11 employees
  6. #6 gm.com 11 employees
  7. #7 netflix.com 8 employees
  8. #8 publix.com 7 employees
  9. #9 amazon.com 6 employees
  10. #10 ups.com 6 employees
  11. #11 twc.com 6 employees
  12. #12 csc.com 5 employees
  13. #13 pg.com 5 employees
  14. #14 lear.com 5 employees
  15. #15 monsanto.com 4 employees
  16. #16 ncr.com 4 employees
  17. #17 fedex.com 4 employees
  18. #18 pepsico.com 4 employees
  19. #19 ford.com 3 employees
  20. #20 salesforce.com 3 employees

Compromised users

  1. #1 google.com 63,117 users
  2. #2 facebook.com 55,846 users
  3. #3 netflix.com 27,821 users
  4. #4 amazon.com 23,263 users
  5. #5 paypal.com 19,447 users
  6. #6 apple.com 16,788 users
  7. #7 ebay.com 3,453 users
  8. #8 oracle.com 2,607 users
  9. #9 hp.com 2,513 users
  10. #10 microsoft.com 2,434 users
  11. #11 nike.com 2,339 users
  12. #12 cisco.com 2,119 users
  13. #13 ibm.com 871 users
  14. #14 ups.com 809 users
  15. #15 walmart.com 769 users
  16. #16 westernunion.com 637 users
  17. #17 intel.com 533 users
  18. #18 fedex.com 397 users
  19. #19 adp.com 348 users
  20. #20 bestbuy.com 330 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
  1. #1 Facebook (facebook.com · com.facebook.katana) 28,007 users
  2. #2 Instagram (instagram.com · com.instagram.android) 20,286 users
  3. #3 Netflix (netflix.com · com.netflix.mediaclient) 19,056 users
  4. #4 Discord (discord.com · com.discord) 13,641 users
  5. #5 Roblox (roblox.com · com.roblox.client) 12,891 users
  6. #6 Spotify (spotify.com · com.spotify.music) 11,290 users
  7. #7 Twitch (app.com · tv.twitch.android.app) 11,252 users
  8. #8 Twitter (twitter.com · com.twitter.android) 8,918 users
  9. #9 Snapchat (snapchat.com · com.snapchat.android) 8,220 users
  10. #10 PayPal (paypal.com · com.paypal.android.p2pmobile) 5,324 users
  11. #11 Pinterest (pinterest.com · com.pinterest) 5,315 users
  12. #12 Disney (disney.com · com.disney.disneyplus) 5,269 users
  13. #13 Wish (contextlogic.com · com.contextlogic.wish) 5,094 users
  14. #14 Zoom (videomeetings.com · us.zoom.videomeetings) 4,500 users
  15. #15 Mega (app.com · mega.privacy.android.app) 4,337 users
  16. #16 LinkedIn (linkedin.com · com.linkedin.android) 4,076 users
  17. #17 Mercadolibre (mercadolibre.com · com.mercadolibre) 3,883 users
  18. #18 Xiaomi (xiaomi.com · com.xiaomi.account) 3,407 users
  19. #19 Alibaba (alibaba.com · com.alibaba.aliexpresshd) 3,148 users
  20. #20 Waze (waze.com · com.waze) 3,003 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, Hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. #1 gmail.com 2,775,196 users
  2. #2 hotmail.com 371,919 users
  3. #3 yahoo.com 114,388 users
  4. #4 outlook.com 80,834 users
  5. #5 icloud.com 22,770 users
  6. #6 live.com 15,347 users
  7. #7 libero.it 9,046 users
  8. #8 hotmail.fr 8,987 users
  9. #9 yahoo.com.br 8,786 users
  10. #10 hotmail.es 7,988 users
  11. #11 mail.ru 7,926 users
  12. #12 msn.com 7,029 users
  13. #13 hotmail.it 6,637 users
  14. #14 web.de 5,335 users
  15. #15 yahoo.fr 5,253 users
  16. #16 googlemail.com 5,236 users
  17. #17 gmx.de 4,980 users
  18. #18 yahoo.co.id 4,340 users
  19. #19 mail.com 3,890 users
  20. #20 hotmail.co.uk 3,856 users
  21. #21 yahoo.co.uk 3,630 users
  22. #22 proton.me 3,518 users
  23. #23 ymail.com 3,355 users
  24. #24 aol.com 3,264 users
  25. #25 yahoo.it 2,960 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. #1 facebook.com 55,846 accounts
  2. #2 twitter.com 22,421 accounts
  3. #3 instagram.com 31,432 accounts
  4. #4 linkedin.com 14,616 accounts
  5. #5 pinterest.com 5,002 accounts
  6. #6 tiktok.com 6,215 accounts
  7. #7 snapchat.com 6,276 accounts
  8. #8 reddit.com 2,727 accounts
  9. #9 youtube.com 398 accounts
  10. #10 weibo.com 302 accounts
  11. #11 vk.com 3,834 accounts
  12. #12 telegram.org 695 accounts
  13. #13 tumblr.com 1,960 accounts
  14. #14 discord.com 29,735 accounts
  15. #15 flickr.com 909 accounts
  16. #16 myspace.com 154 accounts
  17. #17 badoo.com 718 accounts
  18. #18 meetup.com 74 accounts
  19. #19 quora.com 388 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. #1 StealC 39,721 machines
  2. #2 RedLine 28,351 machines
  3. #3 Generic Stealer 20,773 machines
  4. #4 Lumma 4,669 machines
  5. #5 DarkCrystal 1,615 machines
  6. #6 Atomic 315 machines

Anti-virus Coverage

  1. #1 Windows Defender 27,851 machines
  2. #2 Reason Cybersecurity 1,356 machines
  3. #3 360 Total Security 1,274 machines
  4. #4 Avast Antivirus 1,063 machines
  5. #5 McAfee 553 machines
  6. #6 McAfee Firewall 471 machines
  7. #7 McAfee VirusScan 419 machines
  8. #8 AVG Antivirus 365 machines
  9. #9 Unknown 320 machines
  10. #10 ESET Security 255 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 303,262 hits
  2. #2 sso 82,471 hits
  3. #3 zoom 24,917 hits
  4. #4 github 15,018 hits
  5. #5 webmail 11,048 hits
  6. #6 adfs 8,127 hits
  7. #7 oracle 5,579 hits
  8. #8 sap 5,431 hits
  9. #9 zendesk 4,238 hits
  10. #10 owa 3,625 hits
  11. #11 cpanel 3,584 hits
  12. #12 vpn 3,142 hits
  13. #13 ping 3,061 hits
  14. #14 sts 2,892 hits
  15. #15 extranet 2,592 hits
  16. #16 kaspersky 2,083 hits
  17. #17 webex 2,018 hits
  18. #18 ftp 1,709 hits
  19. #19 roundcube 1,663 hits
  20. #20 st 1,495 hits
  21. #21 salesforce 1,107 hits
  22. #22 okta 1,006 hits
  23. #23 imap 967 hits
  24. #24 twilio 790 hits
  25. #25 gitlab 722 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
