Weekly intelligence Mar 9 – Mar 16, 2026 12 min read

Infostealers Weekly Report: 2026-03-09 – 2026-03-16

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.

#1 11,474 Compromised Machines

#2 2,062 Compromised Employees

#3 2,555 Compromised Users

#4 6,857 Compromised Androids

#5 147,106 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 171

Infections by country

Top 25 countries

#1 India 1,689
#2 Brazil 380
#3 Vietnam 329
#4 Bangladesh 295
#5 Pakistan 258
#6 Indonesia 198
#7 Philippines 173
#8 Argentina 120
#9 Egypt 116
#10 Sri Lanka 114
#11 United States of America 109
#12 Mexico 107
#13 Algeria 94
#14 South Africa 89
#15 Colombia 82
#16 France 66
#17 Chile 63
#18 Kenya 63
#19 Morocco 62
#20 Nigeria 61
#21 Turkey 61
#22 Thailand 60
#23 Nepal 57
#24 Peru 56
#25 Spain 46

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 7,489 users
#2 facebook.com 5,763 users
#3 live.com 4,735 users
#4 com.facebook.katana 3,747 users
#5 instagram.com 3,729 users
#6 com.instagram.android 3,023 users
#7 netflix.com 2,380 users
#8 amazon.com 2,295 users
#9 discord.com 2,230 users
#10 apple.com 2,103 users
#11 com.netflix.mediaclient 2,033 users
#12 microsoftonline.com 1,753 users
#13 roblox.com 1,695 users
#14 paypal.com 1,642 users
#15 steampowered.com 1,574 users
#16 192.168.1.1 1,556 users
#17 mega.nz 1,486 users
#18 twitter.com 1,454 users
#19 linkedin.com 1,454 users
#20 com.roblox.client 1,453 users
#21 openai.com 1,408 users
#22 com.pinterest 1,345 users
#23 amazon.in 1,334 users
#24 com.snapchat.android 1,333 users
#25 com.spotify.music 1,325 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 icicibank.com 80 employees
#2 hostinger.com 70 employees
#3 netpnb.com 63 employees
#4 rediff.com 53 employees
#5 bank.in 43 employees
#6 mail.tm 31 employees
#7 unionbankonline.co.in 28 employees
#8 pnbibanking.in 27 employees
#9 firstmail.ltd 26 employees
#10 santander.com.br 25 employees
#11 onlinesbi.sbi 25 employees
#12 icai.org 25 employees
#13 digimail.in 24 employees
#14 163.com 19 employees
#15 bobibanking.com 19 employees
#16 onlinesbi.com 18 employees
#17 aruba.it 17 employees
#18 buenosaires.gob.ar 16 employees
#19 fednetbank.com 14 employees
#20 abv.bg 13 employees
#21 indusind.com 12 employees
#22 microsoft.com 12 employees
#23 sts.net.pk 11 employees
#24 banquemisr.com 11 employees
#25 jwpub.org 11 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 12 employees
#2 ibm.com 4 employees
#3 publix.com 2 employees
#4 salesforce.com 2 employees
#5 metlife.com 2 employees
#6 ameriprise.com 1 employees
#7 abbott.com 1 employees
#8 apple.com 1 employees
#9 rockwellautomation.com 1 employees
#10 zimmerbiomet.com 1 employees
#11 cisco.com 1 employees
#12 gapinc.com 1 employees
#13 starwoodhotels.com 1 employees
#14 cognizant.com 1 employees
#15 harman.com 1 employees
#16 chevron.com 1 employees
#17 alcoa.com 1 employees
#18 target.com 1 employees

Compromised users

#1 google.com 7,489 users
#2 facebook.com 5,763 users
#3 netflix.com 2,380 users
#4 amazon.com 2,295 users
#5 apple.com 2,103 users
#6 paypal.com 1,642 users
#7 oracle.com 297 users
#8 hp.com 288 users
#9 ebay.com 282 users
#10 microsoft.com 256 users
#11 nike.com 139 users
#12 cisco.com 137 users
#13 ibm.com 132 users
#14 walmart.com 87 users
#15 westernunion.com 63 users
#16 broadcom.com 63 users
#17 salesforce.com 55 users
#18 intel.com 54 users
#19 ups.com 41 users
#20 bestbuy.com 37 users

Compromised Mobile Apps

Top Android apps found in infected caches

The Android applications most frequently found in infected device caches this week.

Top 20

Facebook

facebook.com · com.facebook.katana

3,747 users

Instagram

instagram.com · com.instagram.android

3,023 users

Netflix

netflix.com · com.netflix.mediaclient

2,033 users

Roblox

roblox.com · com.roblox.client

1,453 users

pinterest.com · com.pinterest

1,345 users

Snapchat

snapchat.com · com.snapchat.android

1,333 users

Spotify

spotify.com · com.spotify.music

1,325 users

Discord

discord.com · com.discord

1,274 users

Twitter

twitter.com · com.twitter.android

985 users

#10

Twitch

app.com · tv.twitch.android.app

670 users

#11

Wish

contextlogic.com · com.contextlogic.wish

638 users

#12

PayPal

paypal.com · com.paypal.android.p2pmobile

632 users

#13

Mega

app.com · mega.privacy.android.app

610 users

#14

Xiaomi

xiaomi.com · com.xiaomi.account

565 users

#15

Zoom

videomeetings.com · us.zoom.videomeetings

515 users

#16

linkedin.com · com.linkedin.android

428 users

#17

Disney

disney.com · com.disney.disneyplus

356 users

#18

Mercadolibre

mercadolibre.com · com.mercadolibre

251 users

#19

Alibaba

alibaba.com · com.alibaba.aliexpresshd

249 users

#20

Waze

waze.com · com.waze

210 users

Top Compromised Email Providers

Email domains tied to compromised credentials

Gmail, hotmail, and beyond — providers seen across this week's stealer logs.

Top 25

#1 gmail.com 298,931 users
#2 hotmail.com 18,428 users
#3 yahoo.com 9,670 users
#4 outlook.com 6,353 users
#5 icloud.com 2,047 users
#6 yahoo.com.br 938 users
#7 hotmail.fr 792 users
#8 msn.com 781 users
#9 orange.fr 562 users
#10 live.com 488 users
#11 live.it 467 users
#12 gmx.de 442 users
#13 hotmail.es 424 users
#14 ymail.com 407 users
#15 mail.ru 401 users
#16 yahoo.fr 394 users
#17 free.fr 348 users
#18 yandex.com 315 users
#19 web.de 309 users
#20 mail.com 285 users
#21 yahoo.co.in 267 users
#22 sfr.fr 210 users
#23 hotmail.co.uk 205 users
#24 hotmail.it 203 users
#25 protonmail.com 201 users

Malware Landscape

Stealer families & anti-virus coverage

Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.

Stealer Families

#1 Generic Stealer 7,500machines
#2 Vidar 2,713machines
#3 Acreed 1,009machines
#4 Lumma 252machines

Anti-virus Coverage

#1 Windows Defender 5,641machines
#2 No anti-virus installed 2,156machines
#3 Disabled 8machines
#4 None 4machines
#5 Avast 4machines
#6 AVG 3machines
#7 Malwarebytes 1machines

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 35,752hits
#2 sso 8,349hits
#3 zoom 2,316hits
#4 github 1,793hits
#5 webmail 1,198hits
#6 adfs 699hits
#7 oracle 632hits
#8 sap 560hits
#9 salesforce 474hits
#10 zendesk 424hits
#11 vpn 423hits
#12 sts 416hits
#13 cpanel 372hits
#14 owa 322hits
#15 ping 275hits
#16 st 217hits
#17 kaspersky 157hits
#18 webex 152hits
#19 ftp 132hits
#20 twilio 118hits
#21 extranet 113hits
#22 rlogin 109hits
#23 okta 99hits
#24 roundcube 76hits
#25 imap 68hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 15 → Jun 22, 2026 13 min

Infostealers Weekly Report: 2026-06-15 – 2026-06-22

16K machines
3K users
216K domains

View report →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

Infostealers Weekly Report: 2026-03-09 – 2026-03-16

Where infections came from

Where users had active sessions

Employees caught in the logs

Top S&P companies hit this week

Compromised employees

Compromised users

Top Android apps found in infected caches

Facebook

Instagram

Netflix

Roblox

Pinterest

Snapchat

Spotify

Discord

Twitter

Twitch

Wish

PayPal

Mega

Xiaomi

Zoom

LinkedIn

Disney

Mercadolibre

Alibaba

Waze

Email domains tied to compromised credentials

Stealer families & anti-virus coverage

Stealer Families

Anti-virus Coverage

What attackers grep for

Get this depth of insight on your own organization.

Previous weekly briefings

Infostealers Weekly Report: 2026-06-15 – 2026-06-22

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

Where infections came from

Where users had active sessions

Employees caught in the logs

Top S&P companies hit this week

Compromised employees

Compromised users

Top Android apps found in infected caches

Facebook

Instagram

Netflix

Roblox

Pinterest

Snapchat

Spotify

Discord

Twitter

Twitch

Wish

PayPal

Mega

Xiaomi

Zoom

LinkedIn

Disney

Mercadolibre

Alibaba

Waze

Email domains tied to compromised credentials

Where saved sessions and logins lived

Stealer families & anti-virus coverage

Stealer Families

Anti-virus Coverage

What attackers grep for

Get this depth of insight on your own organization.

Previous weekly briefings

Infostealers Weekly Report: 2026-06-15 – 2026-06-22

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

Infostealers Weekly Report: 2026-06-01 – 2026-06-08