Infostealers Weekly Report: 2026-06-08 – 2026-06-15
InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report and info-stealers statistics.
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 India 2,099
- #2 Indonesia 272
- #3 France 240
- #4 Bangladesh 200
- #5 Spain 187
- #6 Vietnam 158
- #7 Philippines 146
- #8 Brazil 135
- #9 South Africa 133
- #10 United States of America 116
- #11 United Kingdom 88
- #12 Egypt 86
- #13 Italy 81
- #14 Japan 73
- #15 Algeria 67
- #16 Sri Lanka 64
- #17 Canada 59
- #18 Germany 53
- #19 Mexico 52
- #20 Uganda 50
- #21 Morocco 47
- #22 Nigeria 44
- #23 Saudi Arabia 43
- #24 Kenya 38
- #25 Thailand 34
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 6,595 users
-
#2
facebook.com 4,482 users
-
#3
live.com 3,883 users
-
#4
instagram.com 3,307 users
-
#5
com.facebook.katana 2,831 users
-
#6
com.instagram.android 2,406 users
-
#7
netflix.com 2,154 users
-
#8
amazon.com 2,064 users
-
#9
discord.com 1,879 users
-
#10
com.netflix.mediaclient 1,533 users
-
#11
microsoftonline.com 1,475 users
-
#12
apple.com 1,472 users
-
#13
linkedin.com 1,423 users
-
#14
paypal.com 1,407 users
-
#15
amazon.in 1,375 users
-
#16
twitter.com 1,314 users
-
#17
openai.com 1,306 users
-
#18
steampowered.com 1,299 users
-
#19
com.snapchat.android 1,166 users
-
#20
roblox.com 1,150 users
-
#21
com.pinterest 1,146 users
-
#22
spotify.com 1,136 users
-
#23
github.com 1,128 users
-
#24
com.spotify.music 1,052 users
-
#25
192.168.1.1 1,034 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
icicibank.com 67 employees
-
#2
hostinger.com 62 employees
-
#3
rediff.com 33 employees
-
#4
bobibanking.com 32 employees
-
#5
pnbibanking.in 20 employees
-
#6
netpnb.com 19 employees
-
#7
njoyn.com 18 employees
-
#8
icai.org 17 employees
-
#9
tim.it 16 employees
-
#10
aruba.it 16 employees
-
#11
firstmail.ltd 15 employees
-
#12
unionbankonline.co.in 15 employees
-
#13
bankofbaroda.bank.in 14 employees
-
#14
pec.it 13 employees
-
#15
jio.com 13 employees
-
#16
163.com 12 employees
-
#17
bluehost.com 11 employees
-
#18
pnb.bank.in 10 employees
-
#19
secureserver.net 10 employees
-
#20
amityonline.com 10 employees
-
#21
mail.tm 10 employees
-
#22
ovh.net 10 employees
-
#23
republictt.com 9 employees
-
#24
alxswe.com 9 employees
-
#25
fednetbank.com 9 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
microsoft.com 8 employees
-
#2
-
#3
aflac.com 4 employees
-
#4
visa.com 2 employees
-
#5
jacobs.com 2 employees
-
#6
rockwellautomation.com 2 employees
-
#7
cognizant.com 2 employees
-
#8
hess.com 2 employees
-
#9
duke-energy.com 1 employees
-
#10
salesforce.com 1 employees
-
#11
csx.com 1 employees
-
#12
-
#13
symantec.com 1 employees
-
#14
honeywell.com 1 employees
-
#15
ibm.com 1 employees
-
#16
adp.com 1 employees
-
#17
publix.com 1 employees
-
#18
interpublic.com 1 employees
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
oracle.com 291 users
-
#8
-
#9
hp.com 232 users
-
#10
ebay.com 181 users
-
#11
nike.com 157 users
-
#12
cisco.com 152 users
-
#13
-
#14
broadcom.com 91 users
-
#15
walmart.com 80 users
-
#16
ups.com 80 users
-
#17
-
#18
westernunion.com 50 users
-
#19
fedex.com 44 users
-
#20
intel.com 44 users
Compromised Mobile Apps
Top Android apps found in infected caches
The Android applications most frequently found in infected device caches this week.
2,831 users
2,406 users
Netflix
1,533 users
Snapchat
1,166 users
1,146 users
Spotify
1,052 users
Discord
1,003 users
Roblox
870 users
751 users
Twitch
563 users
Zoom
529 users
PayPal
466 users
Wish
410 users
Xiaomi
397 users
397 users
Mega
332 users
Disney
226 users
Alibaba
177 users
Waze
114 users
Mercadolibre
114 users
Top Compromised Email Providers
Email domains tied to compromised credentials
Gmail, hotmail, and beyond — providers seen across this week's stealer logs.
-
#1
gmail.com 277,699 users
-
#2
hotmail.com 17,654 users
-
#3
yahoo.com 5,786 users
-
#4
outlook.com 4,949 users
-
#5
hotmail.fr 2,740 users
-
#6
live.fr 1,942 users
-
#7
icloud.com 1,848 users
-
#8
yahoo.co.jp 1,096 users
-
#9
hotmail.co.uk 806 users
-
#10
web.de 795 users
-
#11
orange.fr 787 users
-
#12
yahoo.fr 731 users
-
#13
-
#14
hotmail.es 630 users
-
#15
proton.me 626 users
-
#16
yahoo.co.uk 579 users
-
#17
msn.com 498 users
-
#18
free.fr 491 users
-
#19
hotmail.it 456 users
-
#20
hotmail.de 367 users
-
#21
laposte.net 348 users
-
#22
libero.it 326 users
-
#23
mail.com 310 users
-
#24
yahoo.it 274 users
-
#25
protonmail.com 273 users
Malware Landscape
Stealer families & anti-virus coverage
Malware families responsible for this week's infections, and the anti-virus solutions reported by infected hosts.
Stealer Families
- #1 Generic Stealer 8,280machines
- #2 Acreed 840machines
- #3 Lumma 343machines
Anti-virus Coverage
- #1 Windows Defender 3,772machines
- #2 None 766machines
- #3 Avast 38machines
- #4 Kaspersky 21machines
- #5 Avast, AVG 19machines
- #6 Avast, Norton 17machines
- #7 Malwarebytes 15machines
- #8 Bitdefender 2machines
- #9 ESET 2machines
- #10 Avast, AVG, ESET 1machines
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 31,640hits
- #2 sso 7,217hits
- #3 zoom 2,245hits
- #4 github 1,976hits
- #5 adfs 635hits
- #6 oracle 621hits
- #7 webmail 618hits
- #8 salesforce 504hits
- #9 sap 387hits
- #10 zendesk 344hits
- #11 sts 310hits
- #12 vpn 245hits
- #13 ping 231hits
- #14 webex 213hits
- #15 owa 211hits
- #16 cpanel 207hits
- #17 okta 150hits
- #18 kaspersky 128hits
- #19 st 128hits
- #20 ftp 108hits
- #21 roundcube 105hits
- #22 twilio 105hits
- #23 imap 98hits
- #24 extranet 91hits
- #25 gitlab 61hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-06-01 – 2026-06-08
- 16K machines
- 2K users
- 273K domains
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains
Infostealers Weekly Report: 2026-05-18 – 2026-05-25
- 14K machines
- 4K users
- 187K domains
Top Compromised Social Platforms
Where saved sessions and logins lived
Social media services where compromised accounts had stored sessions or saved logins.