A memory scraper is malware or a tool that scans a running process’s memory to find sensitive data such as passwords, session tokens, API keys, or payment details. Unlike disk theft, it targets secrets after they have been decrypted for use, when they may briefly exist in cleartext inside RAM.
This matters because encryption at rest does not protect data that is already loaded into memory. Attackers use memory scrapers in infostealer campaigns, post-compromise espionage, and local malware that harvests browser credentials or application tokens. Defenders reduce the risk by delaying decryption, limiting how long secrets remain in memory, isolating sensitive processes, and applying anti-malware and credential-protection controls. Shrinking the plaintext window can make scraping far less useful.