Infostealers Weekly Report: 2024-06-17 – 2024-06-24
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 India 1,832
- #2 Turkey 1,800
- #3 Thailand 1,581
- #4 Pakistan 1,352
- #5 Egypt 1,314
- #6 Brazil 1,183
- #7 Indonesia 1,064
- #8 Argentina 913
- #9 Mexico 889
- #10 Colombia 874
- #11 Philippines 872
- #12 Vietnam 757
- #13 Bangladesh 718
- #14 Peru 712
- #15 Algeria 556
- #16 Chile 511
- #17 Spain 494
- #18 Morocco 455
- #19 Venezuela 373
- #20 Iraq 349
- #21 United States of America 345
- #22 Malaysia 314
- #23 Ecuador 312
- #24 Sri Lanka 308
- #25 Saudi Arabia 306
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 31,003 users
-
#2
facebook.com 27,483 users
-
#3
live.com 25,226 users
-
#4
instagram.com 13,673 users
-
#5
com.facebook.katana 13,449 users
-
#6
netflix.com 11,888 users
-
#7
discord.com 11,636 users
-
#8
amazon.com 9,681 users
-
#9
roblox.com 9,414 users
-
#10
steampowered.com 9,284 users
-
#11
twitter.com 8,979 users
-
#12
com.instagram.android 8,790 users
-
#13
com.netflix.mediaclient 8,776 users
-
#14
microsoftonline.com 7,641 users
-
#15
paypal.com 7,509 users
-
#16
mega.nz 7,038 users
-
#17
apple.com 6,949 users
-
#18
linkedin.com 6,500 users
-
#19
192.168.1.1 6,394 users
-
#20
spotify.com 6,353 users
-
#21
twitch.tv 6,096 users
-
#22
riotgames.com 6,086 users
-
#23
epicgames.com 5,930 users
-
#24
com.roblox.client 5,505 users
-
#25
com.discord 5,281 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
hostinger.com 153 employees
-
#2
icicibank.com 140 employees
-
#3
rediff.com 107 employees
-
#4
aruba.it 98 employees
-
#5
watchit.com 83 employees
-
#6
secop.gov.co 74 employees
-
#7
laureate.net 67 employees
-
#8
yandex.com.tr 61 employees
-
#9
qq.com 60 employees
-
#10
inacap.cl 59 employees
-
#11
freemail.hu 58 employees
-
#12
buenosaires.gob.ar 56 employees
-
#13
163.com 54 employees
-
#14
tim.it 48 employees
-
#15
atlassian.com 47 employees
-
#16
firstmail.ltd 47 employees
-
#17
bobibanking.com 47 employees
-
#18
wp.pl 47 employees
-
#19
sts.net.pk 46 employees
-
#20
netpnb.com 43 employees
-
#21
rockwellautomation.com 43 employees
-
#22
naver.com 43 employees
-
#23
secureserver.net 40 employees
-
#24
utp.edu.pe 38 employees
-
#25
banquemisr.com 37 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
rockwellautomation.com 43 employees
-
#2
microsoft.com 29 employees
-
#3
netflix.com 13 employees
-
#4
publix.com 11 employees
-
#5
amazon.com 8 employees
-
#6
ibm.com 5 employees
-
#7
bestbuy.com 5 employees
-
#8
ups.com 4 employees
-
#9
jacobs.com 4 employees
-
#10
cognizant.com 4 employees
-
#11
att.com 4 employees
-
#12
oracle.com 3 employees
-
#13
synnex.com 3 employees
-
#14
cummins.com 2 employees
-
#15
paypal.com 2 employees
-
#16
principal.com 2 employees
-
#17
pg.com 2 employees
-
#18
lamresearch.com 2 employees
-
#19
newmont.com 2 employees
-
#20
fedex.com 2 employees
Compromised users
-
#1
google.com 31,003 users
-
#2
facebook.com 27,483 users
-
#3
netflix.com 11,888 users
-
#4
amazon.com 9,681 users
-
#5
paypal.com 7,509 users
-
#6
apple.com 6,949 users
-
#7
ebay.com 1,452 users
-
#8
microsoft.com 1,108 users
-
#9
hp.com 1,107 users
-
#10
oracle.com 1,041 users
-
#11
cisco.com 787 users
-
#12
nike.com 765 users
-
#13
ups.com 371 users
-
#14
walmart.com 338 users
-
#15
ibm.com 324 users
-
#16
westernunion.com 289 users
-
#17
fedex.com 177 users
-
#18
intel.com 163 users
-
#19
bestbuy.com 136 users
-
#20
salesforce.com 132 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
13,449 users
8,790 users
Netflix
8,776 users
Roblox
5,505 users
Discord
5,281 users
Spotify
4,687 users
Twitch
4,379 users
3,931 users
Snapchat
3,702 users
2,719 users
Wish
2,270 users
Disney
2,203 users
PayPal
2,191 users
Zoom
2,017 users
Mega
1,984 users
Mercadolibre
1,770 users
1,687 users
Xiaomi
1,430 users
Waze
1,372 users
Alibaba
1,303 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
-
#1
gmail.com 1,119,397 users
-
#2
hotmail.com 156,453 users
-
#3
yahoo.com 49,473 users
-
#4
outlook.com 31,023 users
-
#5
icloud.com 9,778 users
-
#6
yahoo.fr 5,491 users
-
#7
live.com 5,282 users
-
#8
gmx.de 2,975 users
-
#9
yahoo.com.ar 2,784 users
-
#10
web.de 2,762 users
-
#11
hotmail.fr 2,739 users
-
#12
msn.com 2,736 users
-
#13
libero.it 2,695 users
-
#14
mail.ru 2,672 users
-
#15
hotmail.it 2,537 users
-
#16
live.fr 2,217 users
-
#17
hotmail.es 2,027 users
-
#18
aol.com 1,815 users
-
#19
yahoo.co.id 1,632 users
-
#20
yahoo.com.br 1,514 users
-
#21
orange.fr 1,476 users
-
#22
ymail.com 1,411 users
-
#23
alice.it 1,338 users
-
#24
mail.com 1,285 users
-
#25
googlemail.com 1,086 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 RedLine 26,724machines
- #2 Vidar 8,312machines
- #3 Lumma 6,851machines
- #4 Generic Stealer 5,478machines
- #5 Atomic 429machines
Anti-virus Coverage
- #1 Windows Defender 32,102machines
- #2 Reason Cybersecurity 3,087machines
- #3 Avast Antivirus 980machines
- #4 360 Total Security 748machines
- #5 McAfee 499machines
- #6 Unknown 454machines
- #7 McAfee Firewall 303machines
- #8 AVG Antivirus 294machines
- #9 McAfee VirusScan 258machines
- #10 None 249machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 121,843hits
- #2 sso 32,328hits
- #3 zoom 11,564hits
- #4 github 5,579hits
- #5 webmail 4,028hits
- #6 adfs 3,238hits
- #7 oracle 2,186hits
- #8 zendesk 1,946hits
- #9 owa 1,836hits
- #10 sap 1,731hits
- #11 ping 1,284hits
- #12 vpn 1,216hits
- #13 sts 1,083hits
- #14 cpanel 1,074hits
- #15 webex 908hits
- #16 kaspersky 824hits
- #17 ftp 694hits
- #18 imap 673hits
- #19 extranet 649hits
- #20 roundcube 639hits
- #21 st 614hits
- #22 salesforce 607hits
- #23 citrix 430hits
- #24 okta 337hits
- #25 twilio 305hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-07-06 – 2026-07-13
- 15K machines
- 2K users
- 180K domains
Infostealers Weekly Report: 2026-06-29 – 2026-07-06
- 22K machines
- 5K users
- 186K domains
Infostealers Weekly Report: 2026-06-22 – 2026-06-29
- 29K machines
- 5K users
- 343K domains
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.