Infostealers Weekly Report: 2024-10-07 – 2024-10-14
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 India 1,085
- #2 Brazil 826
- #3 Indonesia 569
- #4 Vietnam 494
- #5 Egypt 485
- #6 Thailand 464
- #7 Pakistan 442
- #8 Philippines 413
- #9 Mexico 279
- #10 Colombia 269
- #11 Turkey 265
- #12 Argentina 256
- #13 Bangladesh 250
- #14 Peru 238
- #15 United States of America 205
- #16 Morocco 179
- #17 South Africa 163
- #18 Spain 152
- #19 Algeria 136
- #20 Italy 126
- #21 Venezuela 126
- #22 France 118
- #23 South Korea 114
- #24 Chile 111
- #25 Iraq 106
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 8,712 users
-
#2
facebook.com 7,417 users
-
#3
live.com 6,668 users
-
#4
instagram.com 3,950 users
-
#5
com.facebook.katana 3,498 users
-
#6
discord.com 3,443 users
-
#7
netflix.com 3,281 users
-
#8
amazon.com 2,747 users
-
#9
roblox.com 2,591 users
-
#10
com.instagram.android 2,483 users
-
#11
twitter.com 2,417 users
-
#12
steampowered.com 2,385 users
-
#13
com.netflix.mediaclient 2,293 users
-
#14
paypal.com 2,273 users
-
#15
microsoftonline.com 2,132 users
-
#16
apple.com 2,050 users
-
#17
linkedin.com 1,952 users
-
#18
192.168.1.1 1,921 users
-
#19
mega.nz 1,887 users
-
#20
spotify.com 1,871 users
-
#21
twitch.tv 1,537 users
-
#22
epicgames.com 1,533 users
-
#23
riotgames.com 1,532 users
-
#24
com.roblox.client 1,469 users
-
#25
com.discord 1,448 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
icicibank.com 56 employees
-
#2
hostinger.com 52 employees
-
#3
firstmail.ltd 32 employees
-
#4
unionbankonline.co.in 24 employees
-
#5
rediff.com 23 employees
-
#6
secop.gov.co 22 employees
-
#7
163.com 21 employees
-
#8
bobibanking.com 21 employees
-
#9
skole.hr 20 employees
-
#10
naver.com 20 employees
-
#11
deped.gov.ph 20 employees
-
#12
kakao.com 19 employees
-
#13
aruba.it 18 employees
-
#14
watchit.com 18 employees
-
#15
secureserver.net 18 employees
-
#16
alxswe.com 18 employees
-
#17
icai.org 18 employees
-
#18
santander.com.br 17 employees
-
#19
wp.pl 16 employees
-
#20
abv.bg 16 employees
-
#21
freemail.hu 16 employees
-
#22
mail.bg 16 employees
-
#23
netpnb.com 15 employees
-
#24
tim.it 15 employees
-
#25
sat.gob.mx 14 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
rockwellautomation.com 10 employees
-
#2
cognizant.com 6 employees
-
#3
microsoft.com 6 employees
-
#4
ibm.com 4 employees
-
#5
qualcomm.com 3 employees
-
#6
salesforce.com 2 employees
-
#7
oracle.com 2 employees
-
#8
bestbuy.com 1 employees
-
#9
xerox.com 1 employees
-
#10
jpmorganchase.com 1 employees
-
#11
cisco.com 1 employees
-
#12
jbhunt.com 1 employees
-
#13
conocophillips.com 1 employees
-
#14
amark.com 1 employees
-
#15
abbott.com 1 employees
-
#16
chsinc.com 1 employees
-
#17
jnj.com 1 employees
-
#18
vfc.com 1 employees
-
#19
fnf.com 1 employees
-
#20
jll.com 1 employees
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
ebay.com 389 users
-
#8
hp.com 340 users
-
#9
-
#10
-
#11
-
#12
nike.com 200 users
-
#13
walmart.com 118 users
-
#14
ups.com 97 users
-
#15
-
#16
westernunion.com 89 users
-
#17
intel.com 79 users
-
#18
-
#19
-
#20
fedex.com 46 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
3,498 users
2,483 users
Netflix
2,293 users
Roblox
1,469 users
Discord
1,448 users
Spotify
1,175 users
1,088 users
Twitch
1,053 users
Snapchat
986 users
PayPal
682 users
627 users
Disney
572 users
Zoom
550 users
Mega
545 users
Wish
537 users
509 users
Mercadolibre
438 users
Xiaomi
422 users
Alibaba
396 users
Waze
337 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
-
#1
gmail.com 353,791 users
-
#2
hotmail.com 40,722 users
-
#3
yahoo.com 15,964 users
-
#4
outlook.com 9,352 users
-
#5
icloud.com 2,009 users
-
#6
-
#7
yahoo.fr 1,133 users
-
#8
hotmail.fr 1,054 users
-
#9
mail.ru 953 users
-
#10
hotmail.es 834 users
-
#11
ymail.com 742 users
-
#12
yahoo.com.ar 741 users
-
#13
yahoo.com.br 694 users
-
#14
live.fr 651 users
-
#15
alice.it 535 users
-
#16
mail.com 531 users
-
#17
yahoo.co.id 467 users
-
#18
gmx.de 397 users
-
#19
yandex.com 372 users
-
#20
hotmail.com.br 363 users
-
#21
msn.com 347 users
-
#22
hanmail.net 346 users
-
#23
protonmail.com 345 users
-
#24
web.de 335 users
-
#25
orange.fr 288 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 RedLine 5,305machines
- #2 Generic Stealer 2,967machines
- #3 StealC 2,470machines
- #4 Lumma 2,395machines
- #5 Vidar 251machines
Anti-virus Coverage
- #1 Windows Defender 9,075machines
- #2 Reason Cybersecurity 416machines
- #3 360 Total Security 313machines
- #4 Windows Defender [ON] 187machines
- #5 Avast Antivirus 167machines
- #6 Unknown 155machines
- #7 McAfee 113machines
- #8 None 83machines
- #9 McAfee Firewall 72machines
- #10 McAfee VirusScan 60machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 36,225hits
- #2 sso 11,065hits
- #3 zoom 3,005hits
- #4 github 1,916hits
- #5 webmail 1,607hits
- #6 adfs 1,044hits
- #7 sap 933hits
- #8 oracle 743hits
- #9 zendesk 463hits
- #10 cpanel 424hits
- #11 owa 414hits
- #12 sts 400hits
- #13 vpn 385hits
- #14 ping 325hits
- #15 kaspersky 261hits
- #16 webex 237hits
- #17 st 236hits
- #18 extranet 190hits
- #19 ftp 186hits
- #20 roundcube 172hits
- #21 imap 160hits
- #22 okta 125hits
- #23 twilio 123hits
- #24 salesforce 110hits
- #25 rlogin 85hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-06-08 – 2026-06-15
- 9K machines
- 2K users
- 125K domains
Infostealers Weekly Report: 2026-06-01 – 2026-06-08
- 16K machines
- 2K users
- 273K domains
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.