Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Aug 18 – Aug 25, 2025 12 min read

Infostealers Weekly Report: 2025-08-18 – 2025-08-25

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 33,129 Compromised Machines
#2 5,780 Compromised Employees
#3 14,765 Compromised Users
#4 12,584 Compromised Androids
#5 103,502 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 172
Infections by country

Top 25 countries

  1. #1 India 885
  2. #2 United States of America 688
  3. #3 Philippines 447
  4. #4 France 433
  5. #5 Indonesia 395
  6. #6 Brazil 393
  7. #7 Vietnam 347
  8. #8 Mexico 332
  9. #9 Pakistan 306
  10. #10 Japan 302
  11. #11 Turkey 204
  12. #12 Egypt 203
  13. #13 Argentina 192
  14. #14 Spain 184
  15. #15 Germany 174
  16. #16 Colombia 162
  17. #17 United Kingdom 155
  18. #18 Poland 125
  19. #19 Bangladesh 122
  20. #20 Nigeria 109
  21. #21 Peru 108
  22. #22 Kenya 89
  23. #23 Chile 87
  24. #24 South Africa 86
  25. #25 Romania 78

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 16,176 users
  2. #2 facebook.com 12,354 users
  3. #3 live.com 10,599 users
  4. #4 instagram.com 7,213 users
  5. #5 com.facebook.katana 6,914 users
  6. #6 netflix.com 6,843 users
  7. #7 amazon.com 5,899 users
  8. #8 discord.com 5,667 users
  9. #9 com.instagram.android 4,838 users
  10. #10 com.netflix.mediaclient 4,685 users
  11. #11 microsoftonline.com 4,657 users
  12. #12 roblox.com 4,588 users
  13. #13 twitter.com 4,181 users
  14. #14 paypal.com 4,069 users
  15. #15 apple.com 3,911 users
  16. #16 linkedin.com 3,712 users
  17. #17 spotify.com 3,678 users
  18. #18 com.pinterest 3,247 users
  19. #19 steampowered.com 3,174 users
  20. #20 yahoo.com 3,165 users
  21. #21 com.spotify.music 3,075 users
  22. #22 openai.com 3,067 users
  23. #23 mega.nz 3,027 users
  24. #24 zoom.us 3,018 users
  25. #25 com.roblox.client 2,875 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 buenosaires.gob.ar 138 employees
  2. #2 hostinger.com 117 employees
  3. #3 ionos.es 104 employees
  4. #4 cuny.edu 101 employees
  5. #5 sts.net.pk 80 employees
  6. #6 bobibanking.com 58 employees
  7. #7 firstmail.ltd 57 employees
  8. #8 secureserver.net 53 employees
  9. #9 tmoviles.com.ar 52 employees
  10. #10 foxinc.com 52 employees
  11. #11 thinkpet.com.ar 52 employees
  12. #12 uade.edu.ar 52 employees
  13. #13 gcgestion.com.ar 52 employees
  14. #14 telefonica.com.ar 52 employees
  15. #15 napsislatam.com 52 employees
  16. #16 uat.edu.mx 51 employees
  17. #17 monclubint.org 45 employees
  18. #18 garanntor.net 45 employees
  19. #19 knust.edu.gh 45 employees
  20. #20 1and1.es 45 employees
  21. #21 main-hosting.eu 45 employees
  22. #22 icest.edu.mx 44 employees
  23. #23 konsoleh.co.za 44 employees
  24. #24 tindat.com 39 employees
  25. #25 icicibank.com 37 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 facebook.com 13 employees
  2. #2 ups.com 3 employees
  3. #3 microsoft.com 3 employees
  4. #4 publix.com 3 employees
  5. #5 rockwellautomation.com 2 employees
  6. #6 ebay.com 1 employees
  7. #7 pg.com 1 employees
  8. #8 centene.com 1 employees
  9. #9 netflix.com 1 employees
  10. #10 gm.com 1 employees
  11. #11 ppg.com 1 employees
  12. #12 prudential.com 1 employees
  13. #13 csc.com 1 employees
  14. #14 qualcomm.com 1 employees
  15. #15 hp.com 1 employees

Compromised users

  1. #1 google.com 16,176 users
  2. #2 facebook.com 12,354 users
  3. #3 netflix.com 6,843 users
  4. #4 amazon.com 5,899 users
  5. #5 paypal.com 4,069 users
  6. #6 apple.com 3,911 users
  7. #7 ebay.com 737 users
  8. #8 hp.com 661 users
  9. #9 oracle.com 642 users
  10. #10 microsoft.com 602 users
  11. #11 nike.com 500 users
  12. #12 cisco.com 349 users
  13. #13 ibm.com 269 users
  14. #14 westernunion.com 227 users
  15. #15 walmart.com 219 users
  16. #16 fedex.com 196 users
  17. #17 salesforce.com 157 users
  18. #18 adp.com 133 users
  19. #19 wellsfargo.com 110 users
  20. #20 intel.com 109 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20
#1

Facebook

facebook.com · com.facebook.katana

6,914 users

#2

Instagram

instagram.com · com.instagram.android

4,838 users

#3

Netflix

netflix.com · com.netflix.mediaclient

4,685 users

#4

Pinterest

pinterest.com · com.pinterest

3,247 users

#5

Spotify

spotify.com · com.spotify.music

3,075 users

#6

Roblox

roblox.com · com.roblox.client

2,875 users

#7

Discord

discord.com · com.discord

2,587 users

#8

Snapchat

snapchat.com · com.snapchat.android

2,348 users

#9

Twitter

twitter.com · com.twitter.android

2,277 users

#10

Twitch

app.com · tv.twitch.android.app

1,997 users

#11

PayPal

paypal.com · com.paypal.android.p2pmobile

1,412 users

#12

Wish

contextlogic.com · com.contextlogic.wish

1,404 users

#13

Disney

disney.com · com.disney.disneyplus

1,198 users

#14

Zoom

videomeetings.com · us.zoom.videomeetings

1,090 users

#15

LinkedIn

linkedin.com · com.linkedin.android

1,016 users

#16

Mercadolibre

mercadolibre.com · com.mercadolibre

820 users

#17

Xiaomi

xiaomi.com · com.xiaomi.account

767 users

#18

Mega

app.com · mega.privacy.android.app

736 users

#19

Alibaba

alibaba.com · com.alibaba.aliexpresshd

606 users

#20

Waze

waze.com · com.waze

508 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25
  1. #1 gmail.com 756,689 users
  2. #2 hotmail.com 82,941 users
  3. #3 yahoo.com 33,969 users
  4. #4 outlook.com 17,353 users
  5. #5 icloud.com 4,782 users
  6. #6 msn.com 2,993 users
  7. #7 live.com 2,140 users
  8. #8 hotmail.es 2,013 users
  9. #9 mail.ru 1,609 users
  10. #10 yahoo.ca 1,266 users
  11. #11 ymail.com 1,119 users
  12. #12 yahoo.co.uk 1,114 users
  13. #13 yahoo.fr 1,060 users
  14. #14 live.com.mx 966 users
  15. #15 yahoo.co.id 909 users
  16. #16 hotmail.fr 885 users
  17. #17 ntlworld.com 846 users
  18. #18 yandex.ru 798 users
  19. #19 aol.com 736 users
  20. #20 yahoo.com.mx 679 users
  21. #21 proton.me 650 users
  22. #22 yahoo.com.br 643 users
  23. #23 yahoo.com.ar 537 users
  24. #24 yahoo.com.ph 471 users
  25. #25 protonmail.com 455 users

Top Compromised Social Platforms

Where saved sessions and logins lived

Social media services where compromised accounts had stored sessions or saved logins.

Top 19
  1. #1 facebook.com 12,354 accounts
  2. #2 twitter.com 4,182 accounts
  3. #3 instagram.com 7,213 accounts
  4. #4 linkedin.com 3,715 accounts
  5. #5 pinterest.com 1,313 accounts
  6. #6 tiktok.com 1,757 accounts
  7. #7 snapchat.com 1,164 accounts
  8. #8 reddit.com 475 accounts
  9. #9 youtube.com 42 accounts
  10. #10 weibo.com 21 accounts
  11. #11 vk.com 627 accounts
  12. #12 telegram.org 42 accounts
  13. #13 tumblr.com 303 accounts
  14. #14 discord.com 5,667 accounts
  15. #15 flickr.com 211 accounts
  16. #16 myspace.com 34 accounts
  17. #17 badoo.com 181 accounts
  18. #18 meetup.com 24 accounts
  19. #19 quora.com 94 accounts

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

  1. #1 Lumma 20,047machines
  2. #2 Generic Stealer 12,817machines
  3. #3 Vidar 265machines

Anti-virus Coverage

  1. #1 None 11,257machines
  2. #2 Windows Defender 8,450machines
  3. #3 Windows Defender [ON] 1,699machines
  4. #4 Reason Cybersecurity 425machines
  5. #5 Disabled 265machines
  6. #6 255machines
  7. #7 Avast Antivirus 71machines
  8. #8 360 Total Security 28machines
  9. #9 McAfee VirusScan Enterprise 28machines
  10. #10 Norton Security 28machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 85,263hits
  2. #2 sso 21,523hits
  3. #3 zoom 6,701hits
  4. #4 github 4,168hits
  5. #5 webmail 2,984hits
  6. #6 vpn 1,354hits
  7. #7 sap 1,339hits
  8. #8 adfs 1,259hits
  9. #9 oracle 1,153hits
  10. #10 owa 961hits
  11. #11 ping 826hits
  12. #12 sts 798hits
  13. #13 zendesk 747hits
  14. #14 cpanel 609hits
  15. #15 extranet 518hits
  16. #16 kaspersky 412hits
  17. #17 okta 392hits
  18. #18 roundcube 363hits
  19. #19 imap 338hits
  20. #20 webex 236hits
  21. #21 jira 235hits
  22. #22 gitlab 201hits
  23. #23 twilio 180hits
  24. #24 salesforce 176hits
  25. #25 ftp 155hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

  • 25K machines
  • 2K users
  • 319K domains
View report →
May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

  • 16K machines
  • 4K users
  • 200K domains
View report →
Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

  • 14K machines
  • 4K users
  • 186K domains
View report →
Free Tools Check your exposure