That part is just incorrect and doesn't make any sense. Infostealers typically grab the credentials that a victim of a malware has saved in browser password managers.