Infostealers Weekly Report: 2024-11-04 – 2024-11-11
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 India 737
- #2 Brazil 584
- #3 Vietnam 434
- #4 Indonesia 416
- #5 United States of America 272
- #6 Philippines 266
- #7 Thailand 214
- #8 Egypt 206
- #9 Turkey 191
- #10 Pakistan 164
- #11 Argentina 147
- #12 Bangladesh 140
- #13 Colombia 111
- #14 Mexico 101
- #15 France 97
- #16 South Africa 93
- #17 Romania 91
- #18 Malaysia 84
- #19 South Korea 75
- #20 Germany 75
- #21 Algeria 72
- #22 Saudi Arabia 67
- #23 Peru 67
- #24 Morocco 64
- #25 Poland 55
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 5,294 users
-
#2
facebook.com 4,505 users
-
#3
live.com 4,106 users
-
#4
discord.com 2,601 users
-
#5
instagram.com 2,533 users
-
#6
com.facebook.katana 2,395 users
-
#7
roblox.com 2,331 users
-
#8
netflix.com 2,115 users
-
#9
steampowered.com 1,692 users
-
#10
amazon.com 1,680 users
-
#11
com.instagram.android 1,658 users
-
#12
com.netflix.mediaclient 1,505 users
-
#13
twitter.com 1,460 users
-
#14
paypal.com 1,415 users
-
#15
microsoftonline.com 1,342 users
-
#16
apple.com 1,285 users
-
#17
spotify.com 1,281 users
-
#18
twitch.tv 1,259 users
-
#19
riotgames.com 1,251 users
-
#20
epicgames.com 1,183 users
-
#21
com.roblox.client 1,177 users
-
#22
mega.nz 1,054 users
-
#23
com.discord 1,046 users
-
#24
192.168.1.1 1,038 users
-
#25
steamcommunity.com 1,004 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
rediff.com 55 employees
-
#2
icicibank.com 52 employees
-
#3
firstmail.ltd 31 employees
-
#4
hostinger.com 26 employees
-
#5
sapo.pt 19 employees
-
#6
unionbankonline.co.in 15 employees
-
#7
indusind.com 14 employees
-
#8
icai.org 14 employees
-
#9
sts.net.pk 13 employees
-
#10
wp.pl 13 employees
-
#11
banquemisr.com 13 employees
-
#12
sempreser.com.br 11 employees
-
#13
163.com 11 employees
-
#14
login.sp.gov.br 11 employees
-
#15
bobibanking.com 11 employees
-
#16
atlassian.com 10 employees
-
#17
digimail.in 10 employees
-
#18
aruba.it 9 employees
-
#19
freemail.hu 9 employees
-
#20
indiapost.gov.in 9 employees
-
#21
secop.gov.co 9 employees
-
#22
naver.com 9 employees
-
#23
alxswe.com 9 employees
-
#24
mail.gov.in 9 employees
-
#25
santander.com.br 8 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
microsoft.com 7 employees
-
#2
rockwellautomation.com 4 employees
-
#3
qualcomm.com 2 employees
-
#4
nike.com 2 employees
-
#5
ibm.com 1 employees
-
#6
-
#7
ebay.com 1 employees
-
#8
jnj.com 1 employees
-
#9
cokecce.com 1 employees
-
#10
att.com 1 employees
-
#11
verizon.com 1 employees
-
#12
jetblue.com 1 employees
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
-
#8
hp.com 223 users
-
#9
oracle.com 191 users
-
#10
-
#11
-
#12
cisco.com 111 users
-
#13
walmart.com 66 users
-
#14
-
#15
westernunion.com 44 users
-
#16
ups.com 42 users
-
#17
intel.com 42 users
-
#18
fedex.com 28 users
-
#19
bestbuy.com 24 users
-
#20
adp.com 20 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
2,395 users
1,658 users
Netflix
1,505 users
Roblox
1,177 users
Discord
1,046 users
Spotify
959 users
872 users
Twitch
764 users
721 users
Snapchat
698 users
Wish
468 users
PayPal
403 users
Zoom
367 users
Mega
345 users
340 users
Disney
312 users
Xiaomi
277 users
Mercadolibre
257 users
Waze
254 users
Alibaba
193 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
-
#1
gmail.com 233,557 users
-
#2
hotmail.com 20,950 users
-
#3
yahoo.com 10,813 users
-
#4
outlook.com 6,428 users
-
#5
icloud.com 1,520 users
-
#6
-
#7
yahoo.com.br 813 users
-
#8
ymail.com 785 users
-
#9
yandex.com 676 users
-
#10
aol.com 507 users
-
#11
msn.com 379 users
-
#12
yahoo.fr 339 users
-
#13
hotmail.fr 314 users
-
#14
live.it 265 users
-
#15
yahoo.co.in 252 users
-
#16
rocketmail.com 251 users
-
#17
yahoo.co.jp 231 users
-
#18
orange.fr 223 users
-
#19
yahoo.co.id 215 users
-
#20
mail.com 193 users
-
#21
hotmail.es 173 users
-
#22
yahoo.co.uk 172 users
-
#23
yahoo.com.ar 161 users
-
#24
hotmail.co.uk 151 users
-
#25
gmx.de 150 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 Lumma 5,133machines
- #2 Generic Stealer 1,726machines
- #3 StealC 1,107machines
- #4 Vidar 210machines
- #5 RedLine 166machines
- #6 DarkCrystal 2machines
Anti-virus Coverage
- #1 Windows Defender 3,512machines
- #2 Windows Defender [ON] 740machines
- #3 Reason Cybersecurity 216machines
- #4 None 207machines
- #5 Quick Heal Total Security 28machines
- #6 360 Total Security 28machines
- #7 Reason Cybersecurity [OFF] 26machines
- #8 ESET Security 17machines
- #9 Avast Antivirus 14machines
- #10 Quick Heal AntiVirus Pro 14machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 23,773hits
- #2 sso 7,931hits
- #3 zoom 2,605hits
- #4 github 1,329hits
- #5 webmail 1,117hits
- #6 adfs 601hits
- #7 oracle 448hits
- #8 sap 413hits
- #9 cpanel 374hits
- #10 zendesk 327hits
- #11 owa 307hits
- #12 vpn 251hits
- #13 ping 215hits
- #14 sts 189hits
- #15 kaspersky 155hits
- #16 webex 140hits
- #17 st 128hits
- #18 extranet 110hits
- #19 ftp 94hits
- #20 okta 84hits
- #21 roundcube 81hits
- #22 imap 56hits
- #23 salesforce 49hits
- #24 twilio 45hits
- #25 zimbra 30hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-06-08 – 2026-06-15
- 9K machines
- 2K users
- 125K domains
Infostealers Weekly Report: 2026-06-01 – 2026-06-08
- 16K machines
- 2K users
- 273K domains
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.