Stealer Log
A structured package of data harvested by infostealer malware from a single infected device.
Full Definition
A stealer log is the output of an infostealer malware infection — a structured archive containing all data harvested from a single compromised endpoint. Each log represents one infected device and typically contains browser-saved passwords, session cookies, autofill data, cryptocurrency wallet files, screenshots, system information, and other files matching the stealer's target criteria.

Stealer logs are sold in bulk on dark web marketplaces, sometimes organized by country, operating system, or the presence of high-value accounts (corporate VPN credentials, banking cookies, crypto wallet data). A single log may contain credentials for dozens of corporate and personal services.

For threat intelligence teams, stealer logs are a critical data source. Logs containing credentials for a target organization's services indicate that an employee's device has been compromised and that the organization may be at immediate risk of account takeover, data theft, or ransomware deployment.
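The triage step described above, as an added example that is not part of the original page: it scans one log's saved-credential entries for anything tied to the organization's domains. The `URL:`/`Username:`/`Password:` block layout, the function names, and the `corp.example` domain are assumptions made for illustration; real logs vary by stealer family.

```python
from urllib.parse import urlsplit

# Constructed sample. The key: value block layout is an assumption.
SAMPLE_LOG = """\
URL: https://vpn.corp.example/login
Username: j.doe
Password: <redacted>

URL: https://saas.test/signin
Username: j.doe@corp.example
Password: <redacted>

URL: https://notcorp.example/account
Username: jdoe1987
Password: <redacted>
"""

def parse_entries(text):
    """Split the log into one dict per blank-line-separated credential block."""
    entries = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        if fields:
            entries.append(fields)
    return entries

def in_domain(host, domain):
    """True for the domain itself or a subdomain, not a look-alike suffix."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def org_exposures(text, org_domains):
    """Return (host, username, reason) per exposed entry; passwords are never returned."""
    hits = []
    for e in parse_entries(text):
        host = urlsplit(e.get("url", "")).hostname or ""
        user = e.get("username", "")
        mail_domain = user.rpartition("@")[2] if "@" in user else ""
        if any(in_domain(host, d) for d in org_domains):
            hits.append((host, user, "org service"))
        elif any(in_domain(mail_domain, d) for d in org_domains):
            hits.append((host, user, "org identity on third-party service"))
    return hits
```

Each hit identifies an account to reset and a device to investigate; matching on the dot boundary keeps look-alike hosts such as `notcorp.example` out of the results.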
Related Terms
Infostealer
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
Malware & Infrastructure
Dark Web
Encrypted, anonymized parts of the internet accessible only via specialized tools like Tor, used by both privacy advocates and cybercriminals.
Security Concepts
Account Takeover (ATO)
Unauthorized access to a user account by exploiting stolen credentials.
Attack Types
Combo List
A compiled file of username/email and password pairs aggregated from multiple data breaches.
Data & Leaks