SMM is quite different from the ME (management engine). Indeed, SMM (which roughly put has to be set up by the EFI firmware) is an almighty hypervisor where at any point in time the SMM interrupt can come in and the processor just goes executing code that was set up. It's like everything you can touch on your PC is actually just the guest of a virtual machine that your vendor set up.
The ME is a separate Minix chip as you said, but it has a far less direct path to memory. The ME has a carved out chunk of memory, by default the top 16MB of memory, and also has its own secure boot chain-of-trust. In that sense it's more similar to something like a Secure Enclave or TPM.
The other off-chip mystery chip on a lot of server-class machines is the BMC, which is like an integrated KVM solution. It usually is an ARM-based ASPEED chipset that runs Linux. It has access to your BIOS settings, and some versions even speak the LPC bus protocol that delivers EFI to the processor when it powers on.
SMM code has the most direct access to your operating system. The ME theoretically does not have memory access, though it does have access to peripherals and in the past there were memory vulnerabilities around the 16MB remap region that allowed the ME to get access to other parts of memory, albeit painfully.
The ME is the least direct in terms of snooping on the operating system, though its ability to be a keyboard as well as access and change BIOS settings (and even flash the BIOS) means it often throws physical security out the window.
But either way, almost all of these components are on modern machines and they're all secret sauce from either Intel or your BIOS manufacturer. AMD machines have their own version of the same thing. Apple/Google/Qualcomm have even more mystery chips and coprocessors and their custom firmware running on them. This is one of those threats that you have very little control over, so it's not one I spend a lot of time worrying about as a customer.
As far as malware goes, I have no idea why malware would want to go through this much trouble. You would need to write malware that has a very deep understanding of the Windows memory map and how the Windows kernel works, in order to locate user data or do other interesting things. That's so much effort compared to the 20 lines of obfuscated batch files that seem to be owning us left and right. I would say this attack vector is like an NSA/CIA threat model, not a malware threat model.