Weekly intelligence · Sep 2 – Sep 9, 2024

Infostealers Weekly Report: 2024-09-02 – 2024-09-09

InfoStealers Weekly Report: this weekly report summarizes the infostealer infections observed between 2024-09-02 and 2024-09-09. It covers the top domains on which infected users held active sessions and saved credentials, the corporate domains whose employees appeared in stealer logs, the Android apps found in infected device caches, the malware families behind the infections, and the geographic distribution of compromised machines. The headline figures for the week are below.

Compromised machines: 18,978
Compromised employees: 3,851
Compromised users: 5,157
Compromised Android devices: 9,970
Compromised domains: 179,235

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 164)

  1. India 1,108
  2. Indonesia 461
  3. Egypt 314
  4. Brazil 303
  5. Turkey 278
  6. Pakistan 271
  7. Thailand 237
  8. Mexico 187
  9. Colombia 181
  10. Vietnam 181
  11. Philippines 177
  12. Bangladesh 174
  13. Argentina 158
  14. Peru 139
  15. Venezuela 115
  16. Algeria 114
  17. Spain 91
  18. Chile 80
  19. Iraq 76
  20. Morocco 73
  21. Ecuador 71
  22. South Africa 70
  23. Bolivia 61
  24. Malaysia 55
  25. Sri Lanka 55

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. google.com 12,335 users
  2. facebook.com 10,434 users
  3. live.com 9,612 users
  4. instagram.com 5,601 users
  5. com.facebook.katana 5,345 users
  6. netflix.com 5,018 users
  7. discord.com 4,924 users
  8. steampowered.com 4,082 users
  9. roblox.com 3,984 users
  10. amazon.com 3,980 users
  11. com.instagram.android 3,694 users
  12. twitter.com 3,593 users
  13. com.netflix.mediaclient 3,531 users
  14. microsoftonline.com 3,332 users
  15. paypal.com 2,949 users
  16. riotgames.com 2,930 users
  17. apple.com 2,875 users
  18. twitch.tv 2,825 users
  19. spotify.com 2,808 users
  20. mega.nz 2,746 users
  21. epicgames.com 2,639 users
  22. 192.168.1.1 2,608 users
  23. com.discord 2,535 users
  24. steamcommunity.com 2,479 users
  25. com.spotify.music 2,439 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains at which compromised users were employees, identified by a business e-mail address and the corporate credentials saved alongside it.

Top 25
  1. icicibank.com 71 employees
  2. hostinger.com 70 employees
  3. 163.com 68 employees
  4. qq.com 48 employees
  5. rediff.com 41 employees
  6. buenosaires.gob.ar 36 employees
  7. secop.gov.co 28 employees
  8. mail.tm 27 employees
  9. laureate.net 26 employees
  10. watchit.com 24 employees
  11. firstmail.ltd 21 employees
  12. utp.edu.pe 21 employees
  13. alxswe.com 21 employees
  14. netpnb.com 19 employees
  15. deped.gov.ph 19 employees
  16. sep.gob.mx 18 employees
  17. bobibanking.com 18 employees
  18. hostgator.com 18 employees
  19. sempreser.com.br 18 employees
  20. secureserver.net 18 employees
  21. yandex.com.tr 17 employees
  22. icai.org 17 employees
  23. inacap.cl 17 employees
  24. sat.gob.mx 17 employees
  25. login.sp.gov.br 15 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 11 employees
  2. ibm.com 9 employees
  3. microsoft.com 8 employees
  4. cisco.com 4 employees
  5. hp.com 3 employees
  6. netflix.com 3 employees
  7. apple.com 2 employees
  8. ebay.com 2 employees
  9. google.com 1 employee
  10. ford.com 1 employee
  11. pepsico.com 1 employee
  12. csc.com 1 employee
  13. symantec.com 1 employee
  14. ncr.com 1 employee
  15. verizon.com 1 employee
  16. intel.com 1 employee
  17. marriott.com 1 employee
  18. humana.com 1 employee
  19. salesforce.com 1 employee
  20. paypal.com 1 employee

Compromised users

  1. google.com 12,335 users
  2. facebook.com 10,434 users
  3. netflix.com 5,018 users
  4. amazon.com 3,980 users
  5. paypal.com 2,949 users
  6. apple.com 2,875 users
  7. oracle.com 482 users
  8. microsoft.com 440 users
  9. hp.com 429 users
  10. ebay.com 387 users
  11. nike.com 342 users
  12. cisco.com 316 users
  13. ibm.com 194 users
  14. intel.com 88 users
  15. walmart.com 81 users
  16. westernunion.com 75 users
  17. salesforce.com 65 users
  18. ups.com 54 users
  19. fedex.com 50 users
  20. americanexpress.com 46 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20 (app · web domain · Android package name · users)
  1. Facebook · facebook.com · com.facebook.katana · 5,345 users
  2. Instagram · instagram.com · com.instagram.android · 3,694 users
  3. Netflix · netflix.com · com.netflix.mediaclient · 3,531 users
  4. Discord · discord.com · com.discord · 2,535 users
  5. Spotify · spotify.com · com.spotify.music · 2,439 users
  6. Roblox · roblox.com · com.roblox.client · 2,427 users
  7. Pinterest · pinterest.com · com.pinterest · 2,116 users
  8. Twitch · twitch.tv · tv.twitch.android.app · 2,032 users
  9. Twitter · twitter.com · com.twitter.android · 1,743 users
  10. Snapchat · snapchat.com · com.snapchat.android · 1,542 users
  11. Wish · contextlogic.com · com.contextlogic.wish · 1,012 users
  12. PayPal · paypal.com · com.paypal.android.p2pmobile · 963 users
  13. Disney · disney.com · com.disney.disneyplus · 924 users
  14. Mega · mega.nz · mega.privacy.android.app · 871 users
  15. Zoom · zoom.us · us.zoom.videomeetings · 849 users
  16. Mercadolibre · mercadolibre.com · com.mercadolibre · 809 users
  17. LinkedIn · linkedin.com · com.linkedin.android · 702 users
  18. Xiaomi · xiaomi.com · com.xiaomi.account · 578 users
  19. Alibaba · alibaba.com · com.alibaba.aliexpresshd · 515 users
  20. Waze · waze.com · com.waze · 514 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. gmail.com 479,807 users
  2. hotmail.com 60,437 users
  3. yahoo.com 15,381 users
  4. outlook.com 12,897 users
  5. icloud.com 2,811 users
  6. hotmail.fr 1,603 users
  7. live.com 1,257 users
  8. msn.com 1,189 users
  9. yahoo.com.br 1,080 users
  10. ymail.com 940 users
  11. yahoo.com.ar 797 users
  12. yahoo.fr 700 users
  13. yahoo.co.in 587 users
  14. yahoo.co.id 571 users
  15. yahoo.co.jp 495 users
  16. mail.ru 486 users
  17. mail.com 481 users
  18. hotmail.es 473 users
  19. yandex.com 373 users
  20. hotmail.com.ar 314 users
  21. live.com.mx 300 users
  22. yandex.ru 293 users
  23. terra.com.br 293 users
  24. aol.com 266 users
  25. yahoo.com.mx 264 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19 (sorted by accounts)
  1. facebook.com 10,434 accounts
  2. instagram.com 5,601 accounts
  3. discord.com 4,924 accounts
  4. twitter.com 3,593 accounts
  5. linkedin.com 2,431 accounts
  6. tiktok.com 1,023 accounts
  7. pinterest.com 937 accounts
  8. snapchat.com 779 accounts
  9. vk.com 588 accounts
  10. reddit.com 407 accounts
  11. tumblr.com 258 accounts
  12. flickr.com 118 accounts
  13. badoo.com 96 accounts
  14. quora.com 80 accounts
  15. weibo.com 68 accounts
  16. youtube.com 66 accounts
  17. telegram.org 50 accounts
  18. meetup.com 12 accounts
  19. myspace.com 10 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus products that the infected hosts themselves reported as installed (as recorded in the stealer's system-information file).

Stealer Families

  1. Generic Stealer 9,612 machines
  2. RedLine 5,320 machines
  3. StealC 2,420 machines
  4. Lumma 1,626 machines

Anti-virus Coverage

  1. Windows Defender 5,470 machines
  2. 360 Total Security 288 machines
  3. Reason Cybersecurity 267 machines
  4. Avast Antivirus 245 machines
  5. McAfee 104 machines
  6. McAfee Firewall 68 machines
  7. None 56 machines
  8. Kaspersky 56 machines
  9. McAfee VirusScan 53 machines
  10. AVG Antivirus 43 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords found in the URLs of captured credentials (auth, sso, vpn and similar). These are the strings buyers of stealer logs search for first, because a hit usually marks an enterprise login portal rather than a consumer account.

Top 25
  1. auth 51,470 hits
  2. sso 14,962 hits
  3. zoom 4,828 hits
  4. github 2,567 hits
  5. webmail 1,674 hits
  6. adfs 1,373 hits
  7. oracle 1,005 hits
  8. sap 812 hits
  9. zendesk 690 hits
  10. owa 682 hits
  11. vpn 555 hits
  12. ping 528 hits
  13. sts 484 hits
  14. cpanel 452 hits
  15. webex 297 hits
  16. extranet 264 hits
  17. kaspersky 262 hits
  18. roundcube 222 hits
  19. ftp 217 hits
  20. st 203 hits
  21. salesforce 186 hits
  22. okta 145 hits
  23. imap 142 hits
  24. gitlab 139 hits
  25. twilio 96 hits
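The keyword table above and the corporate-domain table earlier both come from the same kind of triage: walk the credential entries in a stealer log, look at each URL's host and path for portal keywords, and separate credentials tied to a business e-mail address from consumer accounts. The script below is an added example of that triage, not tooling from this report. It assumes the common `URL:` / `USER:` / `PASS:` block layout of a Windows stealer's Passwords.txt, uses a subset of the keywords from the table, and runs on a constructed sample dump with fake hosts and credentials; the consumer-provider list is an assumption as well.

```python
"""Triage a stealer-log credential dump: which entries carry the portal
keywords attackers grep for, which belong to employees (corporate e-mail),
and which are saved router-admin logins.  Added example, not the report's
own code.  Entry layout and keyword/provider lists are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample dump: fake hosts, fake credentials.
SAMPLE_LOG = """\
URL: https://sso.example-corp.com/adfs/ls/?client-request-id=1
USER: jdoe@example-corp.com
PASS: Winter2024!

URL: https://accounts.google.com/signin/v2
USER: jdoe1987@gmail.com
PASS: hunter2

URL: https://vpn.example-corp.com/remote/login
USER: jdoe
PASS: Winter2024!

URL: http://192.168.1.1/
USER: admin
PASS: admin

URL: https://webmail.partner-inc.net/owa/auth/logon.aspx
USER: a.smith@partner-inc.net
PASS: Summer!2024

URL: https://www.netflix.com/login
USER: jdoe1987@gmail.com
PASS: hunter2
"""

# Subset of the report's keyword table, matched against host and path.
KEYWORDS = ("auth", "sso", "vpn", "adfs", "owa", "webmail", "cpanel",
            "okta", "github", "gitlab", "ftp", "imap", "extranet")

# Assumed list: an address at one of these is a "user", not an "employee".
CONSUMER_PROVIDERS = {"gmail.com", "hotmail.com", "yahoo.com",
                      "outlook.com", "icloud.com", "live.com"}

# One entry = URL line, USER line, PASS line.  [ \t]* (not \s*) keeps an
# empty password from swallowing the next entry's URL line.
ENTRY_RE = re.compile(
    r"URL:[ \t]*(?P<url>\S+)\nUSER:[ \t]*(?P<user>[^\n]*)\nPASS:[ \t]*(?P<pw>[^\n]*)")
PRIVATE_IP_RE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)")


def parse_entries(text):
    """Yield (url, user, password) triples from a Passwords.txt-style dump."""
    for m in ENTRY_RE.finditer(text):
        yield m.group("url"), m.group("user").strip(), m.group("pw")


def keyword_hits(entries):
    """Count credentials whose host or path contains each keyword as a whole label."""
    hits = Counter()
    for url, _user, _pw in entries:
        parts = urlsplit(url)
        haystack = (parts.hostname or "").lower() + " " + parts.path.lower()
        for kw in KEYWORDS:
            # Whole-label match so 'sso' does not fire on 'assorted'.
            if re.search(r"(?<![a-z0-9])" + re.escape(kw) + r"(?![a-z0-9])", haystack):
                hits[kw] += 1
    return hits


def employee_exposure(entries):
    """Map corporate e-mail domain -> set of employee addresses seen in the log."""
    by_domain = {}
    for _url, user, _pw in entries:
        if "@" not in user:
            continue
        domain = user.rsplit("@", 1)[1].lower()
        if domain in CONSUMER_PROVIDERS:
            continue
        by_domain.setdefault(domain, set()).add(user.lower())
    return by_domain


def router_logins(entries):
    """Credentials saved for private-range IPs (home/office router admin pages)."""
    return [(url, user, pw) for url, user, pw in entries
            if PRIVATE_IP_RE.match(urlsplit(url).hostname or "")]


def triage(text):
    entries = list(parse_entries(text))
    return {"entries": len(entries),
            "keyword_hits": keyword_hits(entries),
            "employees": employee_exposure(entries),
            "router_logins": router_logins(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} credentials parsed")
    for kw, n in report["keyword_hits"].most_common():
        print(f"  {kw:<8} {n} hit(s)")
    for domain, users in sorted(report["employees"].items()):
        print(f"  employee domain {domain}: {len(users)} address(es)")
    for url, user, _pw in report["router_logins"]:
        print(f"  router admin login saved for {url} as {user!r}")
```

On the sample dump this flags the `sso`/`adfs` and `vpn` entries for example-corp.com and the `webmail`/`owa`/`auth` entry for partner-inc.net as enterprise portals, attributes two employee addresses to two corporate domains, and surfaces the saved `admin`/`admin` login for 192.168.1.1, the same class of entry that puts a private router address in the top-25 domains table above. The same credential reused across the SSO portal and the VPN is exactly what a defender should reset first.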

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
