Infostealers Weekly Report: 2024-07-01 – 2024-07-08
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 India 1,231
- #2 Turkey 886
- #3 Indonesia 857
- #4 Egypt 809
- #5 Pakistan 761
- #6 Brazil 681
- #7 Vietnam 648
- #8 Thailand 469
- #9 Argentina 349
- #10 Bangladesh 322
- #11 Philippines 289
- #12 Colombia 284
- #13 Mexico 267
- #14 Spain 241
- #15 United States of America 234
- #16 Algeria 232
- #17 Peru 210
- #18 Chile 205
- #19 Iraq 177
- #20 Morocco 176
- #21 Venezuela 161
- #22 Sri Lanka 121
- #23 Romania 101
- #24 Poland 99
- #25 South Africa 97
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 13,856 users
-
#2
facebook.com 11,999 users
-
#3
live.com 11,237 users
-
#4
instagram.com 6,452 users
-
#5
discord.com 5,993 users
-
#6
com.facebook.katana 5,853 users
-
#7
netflix.com 5,417 users
-
#8
roblox.com 4,649 users
-
#9
steampowered.com 4,598 users
-
#10
amazon.com 4,460 users
-
#11
twitter.com 4,108 users
-
#12
com.instagram.android 4,068 users
-
#13
com.netflix.mediaclient 3,896 users
-
#14
microsoftonline.com 3,606 users
-
#15
paypal.com 3,545 users
-
#16
twitch.tv 3,373 users
-
#17
riotgames.com 3,360 users
-
#18
apple.com 3,286 users
-
#19
spotify.com 3,232 users
-
#20
mega.nz 3,201 users
-
#21
epicgames.com 3,021 users
-
#22
192.168.1.1 2,962 users
-
#23
steamcommunity.com 2,815 users
-
#24
com.discord 2,799 users
-
#25
linkedin.com 2,729 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
hostinger.com 83 employees
-
#2
163.com 53 employees
-
#3
icicibank.com 51 employees
-
#4
watchit.com 43 employees
-
#5
qq.com 39 employees
-
#6
rediff.com 37 employees
-
#7
firstmail.ltd 32 employees
-
#8
banquemisr.com 28 employees
-
#9
wp.pl 27 employees
-
#10
deped.gov.ph 24 employees
-
#11
mail.tm 24 employees
-
#12
secop.gov.co 24 employees
-
#13
yandex.com.tr 23 employees
-
#14
alxswe.com 21 employees
-
#15
icai.org 20 employees
-
#16
jwpub.org 20 employees
-
#17
sts.net.pk 18 employees
-
#18
santander.com.br 17 employees
-
#19
rockwellautomation.com 17 employees
-
#20
bni.co.id 16 employees
-
#21
ionos.com 16 employees
-
#22
laureate.net 16 employees
-
#23
bobibanking.com 16 employees
-
#24
bluehost.com 16 employees
-
#25
inacap.cl 16 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
-
#2
microsoft.com 10 employees
-
#3
-
#4
ups.com 4 employees
-
#5
metlife.com 2 employees
-
#6
ford.com 2 employees
-
#7
hp.com 2 employees
-
#8
emc.com 2 employees
-
#9
csc.com 2 employees
-
#10
publix.com 2 employees
-
#11
cbre.com 2 employees
-
#12
essendant.com 1 employees
-
#13
-
#14
pvh.com 1 employees
-
#15
jnj.com 1 employees
-
#16
ibm.com 1 employees
-
#17
marriott.com 1 employees
-
#18
uhsinc.com 1 employees
-
#19
-
#20
halliburton.com 1 employees
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
oracle.com 563 users
-
#8
ebay.com 557 users
-
#9
-
#10
-
#11
nike.com 387 users
-
#12
cisco.com 346 users
-
#13
-
#14
walmart.com 146 users
-
#15
-
#16
westernunion.com 111 users
-
#17
intel.com 88 users
-
#18
fedex.com 87 users
-
#19
bestbuy.com 65 users
-
#20
target.com 60 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
5,853 users
4,068 users
Netflix
3,896 users
Discord
2,799 users
Roblox
2,564 users
Spotify
2,392 users
Twitch
2,067 users
1,844 users
1,786 users
Snapchat
1,743 users
PayPal
1,029 users
Wish
1,021 users
Zoom
952 users
Mega
944 users
Disney
910 users
762 users
Xiaomi
723 users
Mercadolibre
700 users
Alibaba
577 users
Waze
567 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
-
#1
gmail.com 553,986 users
-
#2
hotmail.com 63,877 users
-
#3
yahoo.com 21,826 users
-
#4
outlook.com 16,867 users
-
#5
icloud.com 4,269 users
-
#6
-
#7
mail.ru 1,876 users
-
#8
hotmail.es 1,779 users
-
#9
msn.com 1,396 users
-
#10
web.de 1,261 users
-
#11
yahoo.com.br 1,182 users
-
#12
yahoo.fr 856 users
-
#13
mail.com 835 users
-
#14
googlemail.com 825 users
-
#15
ymail.com 816 users
-
#16
hotmail.de 791 users
-
#17
hotmail.fr 773 users
-
#18
yandex.ru 737 users
-
#19
aol.com 671 users
-
#20
yahoo.co.id 660 users
-
#21
yahoo.com.ar 635 users
-
#22
gmx.com 620 users
-
#23
orange.fr 615 users
-
#24
yandex.com 579 users
-
#25
me.com 497 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 Lumma 7,260machines
- #2 Vidar 6,948machines
- #3 Generic Stealer 4,218machines
- #4 RedLine 3,755machines
- #5 StealC 10machines
Anti-virus Coverage
- #1 Windows Defender 12,634machines
- #2 Reason Cybersecurity 945machines
- #3 Unknown 683machines
- #4 Windows Defender [ON] 429machines
- #5 None 405machines
- #6 Avast Antivirus 162machines
- #7 360 Total Security 118machines
- #8 McAfee 76machines
- #9 ESET Security 66machines
- #10 Norton Security 48machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 57,622hits
- #2 sso 14,915hits
- #3 zoom 4,774hits
- #4 github 3,570hits
- #5 adfs 1,588hits
- #6 webmail 1,486hits
- #7 oracle 1,162hits
- #8 zendesk 863hits
- #9 owa 799hits
- #10 vpn 726hits
- #11 sap 686hits
- #12 ping 682hits
- #13 cpanel 577hits
- #14 sts 454hits
- #15 st 332hits
- #16 webex 280hits
- #17 kaspersky 279hits
- #18 extranet 277hits
- #19 roundcube 233hits
- #20 ftp 231hits
- #21 okta 206hits
- #22 imap 167hits
- #23 twilio 163hits
- #24 salesforce 162hits
- #25 gitlab 137hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains
Infostealers Weekly Report: 2026-05-18 – 2026-05-25
- 14K machines
- 4K users
- 187K domains
Infostealers Weekly Report: 2026-05-11 – 2026-05-18
- 25K machines
- 2K users
- 319K domains
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.