Weekly intelligence, Dec 2 – Dec 9, 2024

Infostealers Weekly Report: 2024-12-02 – 2024-12-09

This weekly report summarizes the infostealer activity observed between 2 and 9 December 2024: the most exposed web domains, the corporate domains whose employees appear in stealer logs, the countries where infections occurred, the stealer families responsible, and the anti-virus products reported by the infected hosts. The aim is to give defenders a concrete, data-driven view of where credential and session theft is concentrated so they can prioritize monitoring and response.

Summary for the week:

  1. 3,794 Compromised Machines
  2. 751 Compromised Employees
  3. 1,035 Compromised Users
  4. 2,008 Compromised Android devices
  5. 42,232 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country: top 25 of 114 countries

  1. India 384
  2. Brazil 293
  3. Vietnam 166
  4. Indonesia 142
  5. Egypt 100
  6. Bangladesh 85
  7. Argentina 84
  8. Philippines 79
  9. Pakistan 47
  10. South Korea 43
  11. Romania 39
  12. South Africa 38
  13. Thailand 36
  14. Algeria 33
  15. Colombia 32
  16. Mexico 30
  17. Turkey 29
  18. Peru 29
  19. Kenya 28
  20. Sri Lanka 25
  21. Morocco 24
  22. Malaysia 24
  23. Nigeria 21
  24. Serbia 19
  25. Venezuela 17

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

  1. google.com 2,412 users
  2. facebook.com 2,122 users
  3. live.com 1,873 users
  4. instagram.com 1,168 users
  5. com.facebook.katana 1,115 users
  6. netflix.com 963 users
  7. discord.com 940 users
  8. amazon.com 844 users
  9. com.instagram.android 778 users
  10. roblox.com 759 users
  11. com.netflix.mediaclient 734 users
  12. steampowered.com 716 users
  13. twitter.com 666 users
  14. paypal.com 639 users
  15. microsoftonline.com 630 users
  16. apple.com 623 users
  17. linkedin.com 604 users
  18. spotify.com 583 users
  19. mega.nz 548 users
  20. 192.168.1.1 519 users
  21. com.roblox.client 465 users
  22. yahoo.com 457 users
  23. com.discord 455 users
  24. com.spotify.music 454 users
  25. 192.168.0.1 450 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, identified through business email addresses and corporate credentials found in the logs.

Top 25

  1. rediff.com 30 employees
  2. hostinger.com 20 employees
  3. icicibank.com 19 employees
  4. icai.org 17 employees
  5. indusind.com 12 employees
  6. buenosaires.gob.ar 11 employees
  7. redehospvetanclivepa.com.br 11 employees
  8. skole.hr 7 employees
  9. hostgator.com 7 employees
  10. login.sp.gov.br 6 employees
  11. secureserver.net 6 employees
  12. verizonsmallbusinessessentials.com 6 employees
  13. santander.com.br 6 employees
  14. umbler.com 6 employees
  15. mikroskil.ac.id 6 employees
  16. turbify.com 6 employees
  17. rblbank.com 5 employees
  18. krakatau-it.co.id 5 employees
  19. umpar.ac.id 5 employees
  20. abv.bg 5 employees
  21. idbibank.co.in 5 employees
  22. digimail.in 5 employees
  23. isacombank.com.vn 5 employees
  24. apprecio.in 5 employees
  25. kdl.co.id 5 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. rockwellautomation.com 4 employees
  2. bakerhughes.com 3 employees
  3. csc.com 3 employees
  4. xerox.com 2 employees
  5. visteon.com 2 employees
  6. parker.com 2 employees
  7. ibm.com 1 employee
  8. hp.com 1 employee
  9. microsoft.com 1 employee
  10. publix.com 1 employee
  11. apple.com 1 employee

Compromised users

  1. google.com 2,412 users
  2. facebook.com 2,122 users
  3. netflix.com 963 users
  4. amazon.com 844 users
  5. paypal.com 639 users
  6. apple.com 623 users
  7. ebay.com 122 users
  8. oracle.com 92 users
  9. hp.com 85 users
  10. nike.com 75 users
  11. microsoft.com 68 users
  12. cisco.com 47 users
  13. westernunion.com 28 users
  14. ibm.com 26 users
  15. americanexpress.com 19 users
  16. walmart.com 17 users
  17. salesforce.com 14 users
  18. visa.com 11 users
  19. ups.com 11 users
  20. jnj.com 10 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20 (app name, associated domain · package name, users)

  1. Facebook (facebook.com · com.facebook.katana) 1,115 users
  2. Instagram (instagram.com · com.instagram.android) 778 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 734 users
  4. Roblox (roblox.com · com.roblox.client) 465 users
  5. Discord (discord.com · com.discord) 455 users
  6. Spotify (spotify.com · com.spotify.music) 454 users
  7. Pinterest (pinterest.com · com.pinterest) 344 users
  8. Snapchat (snapchat.com · com.snapchat.android) 303 users
  9. Twitter (twitter.com · com.twitter.android) 300 users
  10. Twitch (app.com · tv.twitch.android.app) 289 users
  11. Wish (contextlogic.com · com.contextlogic.wish) 206 users
  12. PayPal (paypal.com · com.paypal.android.p2pmobile) 203 users
  13. Mega (app.com · mega.privacy.android.app) 179 users
  14. Mercadolibre (mercadolibre.com · com.mercadolibre) 174 users
  15. LinkedIn (linkedin.com · com.linkedin.android) 162 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 153 users
  17. Disney (disney.com · com.disney.disneyplus) 137 users
  18. Zoom (videomeetings.com · us.zoom.videomeetings) 135 users
  19. Waze (waze.com · com.waze) 111 users
  20. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 107 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Email providers associated with the compromised credentials seen in this week's stealer logs.

Top 25

  1. gmail.com 105,124 users
  2. hotmail.com 14,506 users
  3. yahoo.com 4,519 users
  4. outlook.com 2,423 users
  5. live.com 768 users
  6. ymail.com 522 users
  7. icloud.com 512 users
  8. yahoo.com.br 504 users
  9. protonmail.com 426 users
  10. msn.com 289 users
  11. live.com.ar 265 users
  12. yahoo.co.in 234 users
  13. yahoo.fr 201 users
  14. yahoo.co.id 184 users
  15. yahoo.com.ar 130 users
  16. mail.com 94 users
  17. hotmail.es 86 users
  18. yahoo.com.sg 85 users
  19. live.fr 81 users
  20. hanmail.net 75 users
  21. rocketmail.com 68 users
  22. hotmail.fr 57 users
  23. aol.com 52 users
  24. outlook.com.br 45 users
  25. googlemail.com 43 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19

  1. facebook.com 2,122 accounts
  2. twitter.com 666 accounts
  3. instagram.com 1,168 accounts
  4. linkedin.com 604 accounts
  5. pinterest.com 199 accounts
  6. tiktok.com 203 accounts
  7. snapchat.com 156 accounts
  8. reddit.com 80 accounts
  9. youtube.com 12 accounts
  10. weibo.com 7 accounts
  11. vk.com 100 accounts
  12. telegram.org 21 accounts
  13. tumblr.com 48 accounts
  14. discord.com 940 accounts
  15. flickr.com 42 accounts
  16. myspace.com 5 accounts
  17. badoo.com 26 accounts
  18. meetup.com 2 accounts
  19. quora.com 17 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma 1,881 machines
  2. StealC 1,359 machines
  3. Generic Stealer 553 machines
  4. DarkCrystal 1 machine

Anti-virus Coverage

  1. Windows Defender 872 machines
  2. Windows Defender [ON] 404 machines
  3. None 85 machines
  4. Reason Cybersecurity 47 machines
  5. Quick Heal Total Security 12 machines
  6. Reason Cybersecurity [OFF] 10 machines
  7. 360 Total Security 10 machines
  8. Quick Heal Internet Security 7 machines
  9. ESET Security 6 machines
  10. Malwarebytes [OFF] 4 machines

Targeted Application Keywords

Keywords most often matched in credential logs

The most common application keywords seen in the URLs of stolen credentials this week (auth, sso, vpn and others), indicating which kinds of corporate services the stolen logins belonged to.

Top 25

  1. auth 10,734 hits
  2. sso 2,988 hits
  3. zoom 770 hits
  4. github 591 hits
  5. webmail 397 hits
  6. adfs 334 hits
  7. oracle 326 hits
  8. zendesk 172 hits
  9. vpn 152 hits
  10. owa 144 hits
  11. sap 142 hits
  12. ping 98 hits
  13. cpanel 91 hits
  14. sts 86 hits
  15. kaspersky 85 hits
  16. webex 57 hits
  17. okta 46 hits
  18. st 37 hits
  19. ftp 32 hits
  20. imap 29 hits
  21. salesforce 26 hits
  22. extranet 24 hits
  23. twilio 23 hits
  24. roundcube 20 hits
  25. citrix 17 hits
