German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs.
"So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754," the company wrote on Twitter.
The company has posted SHA-256 hashes of several samples that a check on Google's VirusTotal indicates is being detected by some antivirus engines.
Since Google disclosed the Meltdown and Spectre attacks on January 3, operating system vendors, chip makers, and browser makers have released patches to mitigate the three types of speculative side-channel attacks.
The number of samples AV-Test has collected has steadily climbed since the first one was spotted on January 7. By January 21 it had over 100 samples, and as of the end of January the count was 139.
AV-Test's CEO Andreas Marx told ZDNet each of the 139 samples only use one of the three attacks. But while the files contain the "problematic program codes", Marx added he can't confirm that all of them successfully exploit the vulnerabilities.
"Due to the extremely high number of affected computers/systems and the complexity to 'fix' the Spectre-Meltdown vulnerabilities, I'm sure that the malware writers are just looking for the best ways to extract information from computers and especially browsers," he said.
As it is though, cybercriminals would probably find it easier and more profitable to use tools to build ransomware or a cryptocurrency miner.
He also offered a tip to minimize your risk of being hit by any more successful Spectre malware that may emerge.
"If you don't need your PC for more than an hour, switch it off. If you go for lunch or a break, close your browser. This should decrease your attack surface a lot and also save quite some energy," said Marx.