Weekly intelligence Apr 7 – Apr 14, 2025

Infostealers Weekly Report: 2025-04-07 – 2025-04-14

In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealer statistics.

  1. 9,100 Compromised Machines
  2. 2,300 Compromised Employees
  3. 1,958 Compromised Users
  4. 4,842 Compromised Androids
  5. 96,049 Compromised Domains

Threat Geography

Where infections came from

Compromised machines distributed by country of infection.

Infections by country (top 25 of 138 countries)

  1. India 577
  2. Vietnam 532
  3. Brazil 283
  4. Philippines 217
  5. Indonesia 183
  6. Bangladesh 131
  7. Pakistan 128
  8. Turkey 115
  9. Argentina 112
  10. United States of America 106
  11. Poland 105
  12. Thailand 98
  13. Egypt 87
  14. France 76
  15. Mexico 70
  16. Sri Lanka 63
  17. Germany 55
  18. Japan 54
  19. Colombia 53
  20. South Africa 52
  21. Morocco 51
  22. Algeria 48
  23. Kenya 47
  24. Romania 46
  25. Malaysia 44

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

  1. google.com 6,358 users
  2. facebook.com 5,226 users
  3. live.com 4,226 users
  4. instagram.com 2,758 users
  5. netflix.com 2,689 users
  6. com.facebook.katana 2,607 users
  7. discord.com 2,489 users
  8. roblox.com 2,052 users
  9. amazon.com 1,934 users
  10. com.instagram.android 1,898 users
  11. steampowered.com 1,771 users
  12. com.netflix.mediaclient 1,721 users
  13. twitter.com 1,618 users
  14. microsoftonline.com 1,536 users
  15. paypal.com 1,502 users
  16. spotify.com 1,442 users
  17. apple.com 1,388 users
  18. linkedin.com 1,342 users
  19. riotgames.com 1,290 users
  20. com.roblox.client 1,271 users
  21. twitch.tv 1,249 users
  22. com.discord 1,181 users
  23. 192.168.1.1 1,176 users
  24. epicgames.com 1,126 users
  25. mega.nz 1,103 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

  1. hostinger.com 65 employees
  2. icicibank.com 62 employees
  3. rediff.com 35 employees
  4. firstmail.ltd 30 employees
  5. icai.org 25 employees
  6. buenosaires.gob.ar 24 employees
  7. web-hosting.com 22 employees
  8. secureserver.net 20 employees
  9. 163.com 15 employees
  10. freemail.hu 15 employees
  11. pnbibanking.in 14 employees
  12. deped.gov.ph 14 employees
  13. sapo.pt 14 employees
  14. unionbankonline.co.in 14 employees
  15. aruba.it 13 employees
  16. myntra.com 13 employees
  17. naver.com 13 employees
  18. netpnb.com 13 employees
  19. techwave.internal 12 employees
  20. cnea.gob.ar 11 employees
  21. binhphuoc.gov.vn 11 employees
  22. kakao.com 11 employees
  23. payoneer.com 11 employees
  24. quangnam.gov.vn 11 employees
  25. signinid.com 10 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. microsoft.com 6 employees
  2. rockwellautomation.com 5 employees
  3. csc.com 4 employees
  4. dow.com 3 employees
  5. drhorton.com 2 employees
  6. ibm.com 1 employee
  7. cognizant.com 1 employee
  8. emc.com 1 employee
  9. google.com 1 employee
  10. apple.com 1 employee
  11. salesforce.com 1 employee
  12. gm.com 1 employee
  13. netflix.com 1 employee
  14. amazon.com 1 employee

Compromised users

  1. google.com 6,358 users
  2. facebook.com 5,226 users
  3. netflix.com 2,689 users
  4. amazon.com 1,934 users
  5. paypal.com 1,502 users
  6. apple.com 1,388 users
  7. microsoft.com 319 users
  8. ebay.com 312 users
  9. oracle.com 204 users
  10. nike.com 183 users
  11. salesforce.com 182 users
  12. hp.com 158 users
  13. cisco.com 122 users
  14. ibm.com 71 users
  15. walmart.com 62 users
  16. ups.com 56 users
  17. adp.com 46 users
  18. westernunion.com 44 users
  19. fedex.com 42 users
  20. intel.com 29 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20

  1. Facebook (facebook.com · com.facebook.katana) 2,607 users
  2. Instagram (instagram.com · com.instagram.android) 1,898 users
  3. Netflix (netflix.com · com.netflix.mediaclient) 1,721 users
  4. Roblox (roblox.com · com.roblox.client) 1,271 users
  5. Discord (discord.com · com.discord) 1,181 users
  6. Spotify (spotify.com · com.spotify.music) 1,060 users
  7. Pinterest (pinterest.com · com.pinterest) 978 users
  8. Snapchat (snapchat.com · com.snapchat.android) 787 users
  9. Twitch (app.com · tv.twitch.android.app) 764 users
  10. Twitter (twitter.com · com.twitter.android) 712 users
  11. Zoom (videomeetings.com · us.zoom.videomeetings) 481 users
  12. Wish (contextlogic.com · com.contextlogic.wish) 441 users
  13. PayPal (paypal.com · com.paypal.android.p2pmobile) 422 users
  14. Mega (app.com · mega.privacy.android.app) 402 users
  15. LinkedIn (linkedin.com · com.linkedin.android) 336 users
  16. Xiaomi (xiaomi.com · com.xiaomi.account) 316 users
  17. Disney (disney.com · com.disney.disneyplus) 260 users
  18. Mercadolibre (mercadolibre.com · com.mercadolibre) 234 users
  19. Waze (waze.com · com.waze) 201 users
  20. Alibaba (alibaba.com · com.alibaba.aliexpresshd) 191 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25

  1. gmail.com 284,959 users
  2. hotmail.com 23,023 users
  3. yahoo.com 10,907 users
  4. outlook.com 5,889 users
  5. live.com 1,207 users
  6. icloud.com 1,129 users
  7. ymail.com 921 users
  8. yahoo.com.ar 723 users
  9. hotmail.fr 536 users
  10. yahoo.fr 514 users
  11. msn.com 458 users
  12. protonmail.com 433 users
  13. yahoo.co.id 423 users
  14. yahoo.de 401 users
  15. gmx.com 364 users
  16. libero.it 316 users
  17. mail.com 255 users
  18. yahoo.com.br 250 users
  19. hanmail.net 244 users
  20. proton.me 203 users
  21. live.com.ar 196 users
  22. telenet.be 191 users
  23. yahoo.co.in 172 users
  24. web.de 164 users
  25. email.com 163 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19

  1. facebook.com 5,226 accounts
  2. twitter.com 1,618 accounts
  3. instagram.com 2,758 accounts
  4. linkedin.com 1,342 accounts
  5. pinterest.com 488 accounts
  6. tiktok.com 638 accounts
  7. snapchat.com 444 accounts
  8. reddit.com 234 accounts
  9. youtube.com 84 accounts
  10. weibo.com 19 accounts
  11. vk.com 279 accounts
  12. telegram.org 23 accounts
  13. tumblr.com 156 accounts
  14. discord.com 2,489 accounts
  15. flickr.com 99 accounts
  16. myspace.com 20 accounts
  17. badoo.com 40 accounts
  18. meetup.com 10 accounts
  19. quora.com 35 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. Lumma 4,513 machines
  2. Generic Stealer 4,428 machines
  3. Vidar 159 machines

Anti-virus Coverage

  1. Windows Defender 3,774 machines
  2. Windows Defender [ON] 383 machines
  3. None 199 machines
  4. Disabled 159 machines
  5. Reason Cybersecurity 79 machines
  6. McAfee 70 machines
  7. Bkav Pro Internet Security 47 machines
  8. McAfee VirusScan 38 machines
  9. McAfee Firewall 35 machines
  10. 360 Total Security 17 machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

  1. auth 28,409 hits
  2. sso 7,084 hits
  3. zoom 2,625 hits
  4. github 1,698 hits
  5. webmail 996 hits
  6. sap 590 hits
  7. adfs 508 hits
  8. zendesk 495 hits
  9. salesforce 444 hits
  10. oracle 421 hits
  11. cpanel 370 hits
  12. vpn 274 hits
  13. owa 266 hits
  14. ping 212 hits
  15. sts 166 hits
  16. roundcube 161 hits
  17. webex 141 hits
  18. okta 140 hits
  19. ftp 111 hits
  20. kaspersky 100 hits
  21. st 99 hits
  22. imap 92 hits
  23. twilio 82 hits
  24. extranet 77 hits
  25. gitlab 57 hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
