I also want to iterate on a separate post (the original was quite large as it was) that malware authors are primarily interested in banking malware, ransomware, crypto-currency mining malware and adware.
You could say that Meltdown could have been extremely beneficial for banking malware development because it could allow an attacker to read memory belonging to browser processes (which would leak sensitive data potentially such as credentials) but such data would not be "clear" and it wouldn't be a fast process either. It'd be much simpler for an attacker to install a form-grabber/WebInject into the browser to target banking website credentials, or to just locate where saved passwords are stored and use the browser's own APIs for decryption (which is commonly done with Firefox for the record).
Ransomware is designed by default to demand a ransom in exchange for a decryption key, and to my surprise, it is true that you may get a decryption key back once you've paid the ransom. However, you can never trust someone who has infected your system and there's no guarantee. Some ransomware can be decrypted by a third-party due to a weak encryption algorithm or leaked keys which may potentially be valid for the affected files of yours, whereas some have no chance for decryption. Moving on, it's designed to encrypt files as quickly as possible and this in turn gets attackers a lot of money because people do give in depending on how important the data is, or out of fear... Which is a shame really because it's people who pay the ransom which encourage malware authors to stay interested in the ransomware business, and causes a rise of new developments for it.
Crypto-currency mining malware is a new one, and banking malware has also started to target crypto-currency wallets more and more. Crypto-currency mining is the act of using your system resources to generate income, and while I don't really understand how it works fully hence not being into crypto-currency (always thought it was the same as gambling to be honest), I know enough to know that it uses up system resources. Malware for crypto-currency mining will hide and try to use your system resources. If an attacker can get enough infections, they can be generating a lot of income each month depending on the life of the infection and the system resources the systems of infected persons have.
Adware is adware, I'm sure you're already very familiar with it. Adware tends to make money from data collection (usually illegal) and advertisements/additional installation bundling. It can make a lot of money for the big actors in the Adware business, which is a shame once again.
Those are some of the most prevalent threats out there, and crypto-currency mining malware is a new one recently on the rise in the game of malware development. I don't think Meltdown or Spectre will be a huge issue and I would be surprised if an attacker (especially a normal attacker who is developing for the home targets) will be capable of actually utilising it for true potential with all the recent patch updates and software updates to take on-board these vulnerabilities. It just won't be very effective in comparison to quickly stealing saved passwords on-disk among other things which is a lot faster and has a higher success ratio.
We also need to remember that home targeted malware is... home targeted malware. A majority of black-hats developing to attack home users aren't experienced and likely don't even know what they are doing. Do you know how common it is for samples in the wild to be relying on copy-pasted code? Many samples are full of bugs and vulnerabilities (which can be abused to help beat them for removal or in the case of ransomware, decrypt the affected files).
Unless you're a high value target you don't really need to worry, and even then, the likelihood is even an actor like Microsoft hasn't been targeted with Meltdown nor Spectre exploitation in a malware package unless it was by a government state actor (which is unlikely because they could get data through other means, and also legally, and it'd be more effective that way).
One thing we all should keep in mind is that we can never be 100% safe, and it applies not only to the digital world but also to the real world.
Exactly.
We all have weaknesses because we are all human. Meltdown and Spectre could be similar to a fake job interview to steal your pitched ideas and make money before cutting you out of the picture, or someone claiming to be someone they aren't to grab personal information which can then be used for identity theft and thus lead to fraud (using real-life to do it).
Keep a system image backup/back up all your data, keep your software updated at all times (except for Windows update - waiting a week is fine IMO because sometimes faulty updates show up), don't be click-happy and have good security software relying on a layered combination to help combat any potential threats lurking if you get unlucky.