This is an interesting scenario and the answer really boils down to “it depends”.
I use LastPass, a KeePass equivalent. I keep it logged in all day …. and again, I don’t.
To directly address your question, the only malware that would be helped by keeping a password vault open, in my opinion at least, would be malware that is specifically targeted at reading the contents of that specific password vault.
By that I mean malware that is looking specifically for KeePass. If it finds KeyPass installed and open it might then start sucking up the contents somehow.
I am not aware of any such malware at this time.
There are easier ways for malware
To be honest, I really don’t think malware writers need to bother with that. If you’ve gone so far as to allow malware on your machine in the first place, it’s much easier, and much more productive, for that malware to simply record what you’re doing.
I hear a lot of people saying that using a password vault doesn’t use keystrokes, making them safer.
True enough, but these tools still use something to get the password into the forms and whatnot that it’s filling out; and what we tend to call “key logging” software is actually capable of logging much more than just keystrokes. It’s very possible for malware to log any of the ways that a password vault might transfer the password information on your behalf.
So, in my opinion, keeping a password manager open doesn’t really make you any more vulnerable to malware.
It could, however, make you vulnerable to something else.
A “friend” walks into a room
The scenario I’m thinking of is when you walk away from your computer, or worse, if your computer is stolen when you’ve left it in this state.
Anyone can walk up to your computer and just start using your password vault. Say you’re working on your laptop at Starbucks, you close the lid and go to the the bathroom, and when you come back it’s gone. It’s quite possible, common even, that when the thief opens the lid everything is still there, running and ready, including your opened password vault.
So, if that’s a concern, then yes, absolutely, leaving a password vault open does add to the risk.
My solution is actually very simple. At home, where the risk of someone I don’t trust using my machine is low, I’m signed into LastPass pretty much all day. On my laptop, I’m not. In fact, I have LastPass configured there to automatically log me out after some period of inactivity. I consider that security so important that I also have two-factor authentication turned on in LastPass. On that laptop, I need both my password and a security code from my mobile phone in order to be able to log in to LastPass at all.