Meltdown-Spectre: Malware is already being tested ...

[api]

There is no ^publicly disclosed evidence of in-the-wild malware using Meltdown or Spectre ^yet.

The real nightmare targets are cloud providers. Many smaller providers have not patched yet.