What do infostealers steal?

Infostealers are designed to extract any data that provides access to systems, services, or user identities. What they steal depends on the variant, but most target:

  • Saved usernames and passwords — from browsers, apps, and password managers

  • Session cookies and tokens — used to bypass MFA and access services without logging in

  • Autofill data — including names, addresses, phone numbers, credit cards

  • Financial data — bank account details, payment info, and credit card numbers

  • Crypto wallets and keys — hot wallets, private keys, and browser wallet extensions

  • Password manager exports — exported vaults or clipboard-copied credentials

  • Local files — especially in the Downloads folder (documents, IDs, attachments)

  • Browser data — browsing history, saved logins, and stored cookies

  • System and device metadata — IP address, hostname, OS version, browser type

  • Screenshots or clipboard content — sometimes taken during execution

This data is bundled into a "log" and uploaded. A single log often contains everything needed for full access to cloud accounts, email inboxes, business tools, or admin panels.
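Because stolen session cookies and tokens let someone use a service without logging in or passing MFA, one defensive check is to compare each session's later requests against the client that originally authenticated. The following is an added example, not code from this page: the event names (`login_mfa`, `request`), the field layout, and the sample records are assumptions constructed for illustration.

```python
# Constructed sample events: (timestamp, session_id, user, event, ip, user_agent)
EVENTS = [
    ("2024-05-01T09:00:00", "s-1001", "alice", "login_mfa", "198.51.100.10", "Chrome/124 Windows"),
    ("2024-05-01T09:05:00", "s-1001", "alice", "request", "198.51.100.10", "Chrome/124 Windows"),
    ("2024-05-01T11:30:00", "s-1001", "alice", "request", "203.0.113.77", "Firefox/115 Linux"),
    ("2024-05-01T09:10:00", "s-2002", "bob", "login_mfa", "192.0.2.5", "Safari/17 macOS"),
    ("2024-05-01T09:40:00", "s-2002", "bob", "request", "192.0.2.99", "Safari/17 macOS"),
    ("2024-05-01T10:00:00", "s-3003", "carol", "request", "203.0.113.8", "Chrome/124 Windows"),
]


def find_replayed_sessions(events):
    """Flag sessions used by a client other than the one that passed MFA.

    Reasons, strongest signal first:
      user_agent_changed - same token, different browser/OS than at login
      no_login_seen      - token in use with no login recorded in this data
      ip_changed         - same browser, new address (may be ordinary roaming)
    """
    origin = {}      # session_id -> (ip, user_agent) recorded at MFA login
    reported = set() # (session_id, reason) pairs already emitted
    findings = []
    # ISO 8601 timestamps sort correctly as strings
    for ts, sid, user, event, ip, ua in sorted(events):
        if event == "login_mfa":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            reason = "no_login_seen"
        elif ua != origin[sid][1]:
            reason = "user_agent_changed"
        elif ip != origin[sid][0]:
            reason = "ip_changed"
        else:
            continue  # request matches the authenticating client
        if (sid, reason) not in reported:
            reported.add((sid, reason))
            findings.append((sid, user, reason, ts))
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

A `user_agent_changed` or `no_login_seen` finding is a reason to revoke that session server-side, since resetting the password alone does not invalidate a token that has already been issued.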