You have demonstrated one of the downsides of using SQL Server Authentication as opposed to Windows Authentication. This is why Microsoft recommends using Windows Authentication unless you have a good reason not to. Here is a description of the pros and cons of each. Notably:
The encrypted SQL Server Authentication login password, must be passed over the network at the time of the connection. Some applications that connect automatically will store the password at the client. These are additional attack points.
Here is another Microsoft article which talks about how to secure SQL Server connection strings for Entity Framework, but the same rules apply even if you aren't using EF. This statement reiterates why they recommend always using Windows Authentication:
Be aware that logon information and passwords may be visible in a memory dump.
When data source logon and password information is supplied in the connection string, this information is maintained in memory until garbage collection reclaims the resources. This makes it impossible to determine when a password string is no longer in memory. If an application crashes, a memory dump file may contain sensitive security information, and the user running the application and any user with administrative access to the computer can view the memory dump file. Use Windows Authentication for connections to Microsoft SQL Server.
As for whether or not any existing malware applications take advantage of this? Certainly we know that they can exist, and you have proven this yourself. All that is required is for an application to be run with enough permissions to view the memory of another application that stores passwords in memory. The tricky part is it's likely that you would need to know how the memory is laid out in order to take advantage of this. In other words you would probably need to know how the application works first, and then build your memory sniffer around it. Perhaps there are general keywords you could search for, but that would require quite a bit of luck. Kind of like searching the ocean floor for lost ships that might still have some treasures in them; at some point the cost/reward just doesn't make it worth it.
That being said, if you knew that a particular (popular) application had this sort of security flaw in it, you could attempt to design malware that is tailored to that application, and then target that application's users to try to convince them to install your malware on the same machine.