Infostealers Weekly Report: 2024-08-26 – 2024-09-02
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 India 793
- #2 Pakistan 706
- #3 Brazil 584
- #4 Bangladesh 420
- #5 Turkey 417
- #6 Philippines 407
- #7 Egypt 379
- #8 Mexico 356
- #9 Indonesia 342
- #10 Argentina 323
- #11 Thailand 307
- #12 Colombia 299
- #13 Vietnam 296
- #14 Peru 270
- #15 Algeria 261
- #16 Taiwan 207
- #17 Nigeria 142
- #18 Iraq 133
- #19 Venezuela 131
- #20 Morocco 125
- #21 Chile 104
- #22 Romania 101
- #23 Ecuador 83
- #24 Kenya 75
- #25 Sri Lanka 70
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 14,365 users
- #2 facebook.com 12,541 users
- #3 live.com 11,443 users
- #4 instagram.com 6,725 users
- #5 com.facebook.katana 6,401 users
- #6 netflix.com 5,939 users
- #7 discord.com 5,881 users
- #8 roblox.com 4,818 users
- #9 steampowered.com 4,797 users
- #10 amazon.com 4,580 users
- #11 com.netflix.mediaclient 4,337 users
- #12 com.instagram.android 4,291 users
- #13 twitter.com 4,284 users
- #14 microsoftonline.com 3,806 users
- #15 paypal.com 3,330 users
- #16 spotify.com 3,324 users
- #17 apple.com 3,294 users
- #18 mega.nz 3,289 users
- #19 twitch.tv 3,224 users
- #20 riotgames.com 3,215 users
- #21 epicgames.com 3,194 users
- #22 com.roblox.client 3,023 users
- #23 com.discord 2,938 users
- #24 linkedin.com 2,825 users
- #25 192.168.1.1 2,812 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 hostinger.com 57 employees
- #2 buenosaires.gob.ar 51 employees
- #3 163.com 50 employees
- #4 icicibank.com 47 employees
- #5 qq.com 46 employees
- #6 firstmail.ltd 38 employees
- #7 secop.gov.co 36 employees
- #8 inacap.cl 31 employees
- #9 watchit.com 29 employees
- #10 laureate.net 29 employees
- #11 rediff.com 26 employees
- #12 banquemisr.com 23 employees
- #13 bluehost.com 22 employees
- #14 sts.net.pk 21 employees
- #15 utp.edu.pe 21 employees
- #16 hinet.net 21 employees
- #17 sempreser.com.br 20 employees
- #18 deped.gov.ph 19 employees
- #19 jwpub.org 19 employees
- #20 naver.com 19 employees
- #21 comipems.org.mx 18 employees
- #22 tecnm.mx 18 employees
- #23 aiep.cl 17 employees
- #24 tigo.com.co 17 employees
- #25 santander.com.br 16 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 rockwellautomation.com 16 employees
- #2 microsoft.com 15 employees
- #3 ibm.com 5 employees
- #4 cognizant.com 4 employees
- #5 hp.com 3 employees
- #6 netflix.com 2 employees
- #7 pepsico.com 2 employees
- #8 quantaservices.com 1 employee
- #9 gs.com 1 employee
- #10 salesforce.com 1 employee
- #11 jll.com 1 employee
- #12 antheminc.com 1 employee
- #13 disney.com 1 employee
- #14 csc.com 1 employee
- #15 aa.com 1 employee
- #16 bakerhughes.com 1 employee
- #17 amazon.com 1 employee
- #18 intel.com 1 employee
Compromised users
- #1 google.com 14,365 users
- #2 facebook.com 12,541 users
- #3 netflix.com 5,939 users
- #4 amazon.com 4,580 users
- #5 paypal.com 3,330 users
- #6 apple.com 3,294 users
- #7 ebay.com 533 users
- #8 oracle.com 526 users
- #9 microsoft.com 479 users
- #10 hp.com 437 users
- #11 nike.com 415 users
- #12 cisco.com 408 users
- #13 ibm.com 164 users
- #14 walmart.com 110 users
- #15 intel.com 104 users
- #16 westernunion.com 86 users
- #17 ups.com 85 users
- #18 salesforce.com 57 users
- #19 fedex.com 50 users
- #20 bestbuy.com 39 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
- 6,401 users
- Netflix 4,337 users
- 4,291 users
- Roblox 3,023 users
- Discord 2,938 users
- Spotify 2,774 users
- Twitch 2,407 users
- 2,135 users
- 2,019 users
- Snapchat 1,831 users
- Disney 1,179 users
- Wish 1,152 users
- PayPal 1,083 users
- Zoom 1,010 users
- Mercadolibre 1,005 users
- Mega 994 users
- 845 users
- Xiaomi 695 users
- Waze 580 users
- Alibaba 580 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
- #1 gmail.com 547,749 users
- #2 hotmail.com 73,567 users
- #3 yahoo.com 20,211 users
- #4 outlook.com 14,095 users
- #5 icloud.com 3,119 users
- #6 sfr.fr 2,012 users
- #7 free.fr 1,815 users
- #8 live.com 1,477 users
- #9 msn.com 1,261 users
- #10 hotmail.es 975 users
- #11 yahoo.com.br 895 users
- #12 yahoo.fr 822 users
- #13 yahoo.com.ar 743 users
- #14 mail.com 723 users
- #15 ymail.com 618 users
- #16 yahoo.co.jp 567 users
- #17 orange.fr 562 users
- #18 gmx.com 529 users
- #19 hotmail.fr 529 users
- #20 yahoo.com.mx 508 users
- #21 aol.com 414 users
- #22 yandex.com 413 users
- #23 live.com.mx 394 users
- #24 email.com 393 users
- #25 mail.ru 377 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 Generic Stealer 8,628 machines
- #2 RedLine 8,559 machines
- #3 StealC 3,367 machines
- #4 Lumma 1,503 machines
Anti-virus Coverage
- #1 Windows Defender 8,532 machines
- #2 Reason Cybersecurity 541 machines
- #3 Avast Antivirus 437 machines
- #4 360 Total Security 323 machines
- #5 McAfee 118 machines
- #6 McAfee Firewall 89 machines
- #7 AVG Antivirus 87 machines
- #8 None 84 machines
- #9 McAfee VirusScan 80 machines
- #10 Kaspersky 63 machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 56,542 hits
- #2 sso 14,760 hits
- #3 zoom 5,440 hits
- #4 github 3,051 hits
- #5 sap 1,471 hits
- #6 webmail 1,471 hits
- #7 adfs 1,434 hits
- #8 oracle 1,033 hits
- #9 zendesk 709 hits
- #10 owa 643 hits
- #11 ping 543 hits
- #12 cpanel 536 hits
- #13 vpn 533 hits
- #14 sts 502 hits
- #15 webex 363 hits
- #16 extranet 350 hits
- #17 kaspersky 339 hits
- #18 roundcube 278 hits
- #19 st 272 hits
- #20 salesforce 208 hits
- #21 imap 205 hits
- #22 ftp 178 hits
- #23 okta 175 hits
- #24 citrix 131 hits
- #25 twilio 130 hits
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.