Infostealers Weekly Report: 2024-07-08 – 2024-07-15
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 Brazil 754
- #2 Turkey 731
- #3 India 675
- #4 Indonesia 628
- #5 Argentina 538
- #6 Thailand 497
- #7 Egypt 483
- #8 Colombia 460
- #9 Pakistan 445
- #10 Mexico 424
- #11 Philippines 414
- #12 Peru 404
- #13 Spain 364
- #14 United States of America 359
- #15 Vietnam 339
- #16 Venezuela 304
- #17 Bangladesh 281
- #18 Chile 258
- #19 Algeria 202
- #20 Ecuador 171
- #21 Bolivia 154
- #22 Iraq 136
- #23 Dominican Republic 132
- #24 Morocco 129
- #25 Saudi Arabia 116
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 14,013 users
- #2 facebook.com 12,278 users
- #3 live.com 11,595 users
- #4 instagram.com 6,392 users
- #5 discord.com 6,013 users
- #6 com.facebook.katana 5,978 users
- #7 netflix.com 5,657 users
- #8 roblox.com 5,268 users
- #9 steampowered.com 4,901 users
- #10 amazon.com 4,614 users
- #11 twitter.com 4,216 users
- #12 com.netflix.mediaclient 4,085 users
- #13 com.instagram.android 4,074 users
- #14 microsoftonline.com 3,580 users
- #15 mega.nz 3,535 users
- #16 spotify.com 3,522 users
- #17 twitch.tv 3,503 users
- #18 paypal.com 3,463 users
- #19 riotgames.com 3,344 users
- #20 epicgames.com 3,178 users
- #21 apple.com 2,990 users
- #22 192.168.1.1 2,921 users
- #23 linkedin.com 2,905 users
- #24 com.roblox.client 2,895 users
- #25 steamcommunity.com 2,731 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 buenosaires.gob.ar 50 employees
- #2 laureate.net 44 employees
- #3 qq.com 44 employees
- #4 wp.pl 44 employees
- #5 firstmail.ltd 39 employees
- #6 secop.gov.co 37 employees
- #7 icicibank.com 36 employees
- #8 watchit.com 34 employees
- #9 hostinger.com 33 employees
- #10 abv.bg 33 employees
- #11 163.com 27 employees
- #12 mail.tm 25 employees
- #13 rediff.com 25 employees
- #14 microsoft.com 24 employees
- #15 freemail.hu 23 employees
- #16 o2.pl 22 employees
- #17 jwpub.org 22 employees
- #18 cibertec.edu.pe 22 employees
- #19 sapo.pt 21 employees
- #20 skole.hr 21 employees
- #21 aiep.cl 21 employees
- #22 yandex.com.tr 21 employees
- #23 utp.edu.pe 20 employees
- #24 banquemisr.com 19 employees
- #25 rockwellautomation.com 19 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 microsoft.com 24 employees
- #2 rockwellautomation.com 19 employees
- #3 netflix.com 8 employees
- #4 ibm.com 4 employees
- #5 jll.com 4 employees
- #6 fedex.com 3 employees
- #7 mastercard.com 2 employees
- #8 publix.com 2 employees
- #9 goodyear.com 2 employees
- #10 xerox.com 2 employees
- #11 avisbudgetgroup.com 1 employee
- #12 jpmorganchase.com 1 employee
- #13 mutualofomaha.com 1 employee
- #14 abm.com 1 employee
- #15 ncr.com 1 employee
- #16 google.com 1 employee
- #17 ford.com 1 employee
- #18 facebook.com 1 employee
- #19 pepsico.com 1 employee
- #20 cognizant.com 1 employee
Compromised users
- #1 google.com 14,013 users
- #2 facebook.com 12,278 users
- #3 netflix.com 5,657 users
- #4 amazon.com 4,614 users
- #5 paypal.com 3,463 users
- #6 apple.com 2,990 users
- #7 ebay.com 622 users
- #8 hp.com 560 users
- #9 oracle.com 522 users
- #10 microsoft.com 480 users
- #11 nike.com 399 users
- #12 cisco.com 372 users
- #13 walmart.com 158 users
- #14 ibm.com 156 users
- #15 ups.com 117 users
- #16 westernunion.com 115 users
- #17 intel.com 100 users
- #18 fedex.com 93 users
- #19 bestbuy.com 57 users
- #20 target.com 54 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
- (app name missing) 5,978 users
- Netflix 4,085 users
- (app name missing) 4,074 users
- Roblox 2,895 users
- Discord 2,723 users
- Twitch 2,308 users
- Spotify 2,109 users
- (app name missing) 1,803 users
- Snapchat 1,558 users
- Disney 1,177 users
- PayPal 1,077 users
- Mercadolibre 1,076 users
- Mega 973 users
- Zoom 865 users
- Wish 854 users
- Xiaomi 803 users
- (app name missing) 783 users
- Waze 666 users
- Alibaba 647 users
- (app name missing) 564 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
- #1 gmail.com 527,505 users
- #2 hotmail.com 82,512 users
- #3 yahoo.com 20,984 users
- #4 outlook.com 13,954 users
- #5 icloud.com 3,537 users
- #6 hotmail.es 3,022 users
- #7 live.com 2,555 users
- #8 msn.com 1,649 users
- #9 yahoo.com.ar 1,425 users
- #10 yahoo.fr 1,272 users
- #11 yahoo.com.br 1,152 users
- #12 mail.ru 1,121 users
- #13 yandex.ru 1,084 users
- #14 hotmail.fr 1,008 users
- #15 sfr.fr 799 users
- #16 proton.me 636 users
- #17 googlemail.com 622 users
- #18 yahoo.co.id 579 users
- #19 mail.com 569 users
- #20 free.fr 568 users
- #21 protonmail.com 508 users
- #22 aol.com 494 users
- #23 live.co.uk 446 users
- #24 live.fr 340 users
- #25 email.com 339 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 RedLine 15,113 machines
- #2 Vidar 4,050 machines
- #3 StealC 1,384 machines
- #4 Lumma 1,097 machines
- #5 Generic Stealer 156 machines
- #6 Atomic 35 machines
Anti-virus Coverage
- #1 Windows Defender 17,361 machines
- #2 Reason Cybersecurity 916 machines
- #3 None 776 machines
- #4 Avast Antivirus 589 machines
- #5 Unknown 530 machines
- #6 360 Total Security 468 machines
- #7 McAfee 304 machines
- #8 AVG Antivirus 177 machines
- #9 McAfee Firewall 159 machines
- #10 McAfee VirusScan 152 machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 58,546 hits
- #2 sso 14,872 hits
- #3 zoom 5,646 hits
- #4 github 2,754 hits
- #5 webmail 1,889 hits
- #6 adfs 1,604 hits
- #7 oracle 1,022 hits
- #8 owa 873 hits
- #9 zendesk 849 hits
- #10 sts 802 hits
- #11 sap 749 hits
- #12 ping 664 hits
- #13 vpn 638 hits
- #14 kaspersky 575 hits
- #15 cpanel 566 hits
- #16 webex 376 hits
- #17 extranet 374 hits
- #18 ftp 352 hits
- #19 st 337 hits
- #20 roundcube 216 hits
- #21 imap 182 hits
- #22 salesforce 163 hits
- #23 okta 162 hits
- #24 zimbra 132 hits
- #25 gitlab 127 hits
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.