Hacker News

Counterpoint: "There is no evidence in-the-wild malware is using Meltdown or Spectre" https://www.virusbulletin.com/blog/2018/02/there-no-evidence...



>> the Flash Player patch Adobe will release next week.

Part of me thinks you could read that sentence this week, next week, a month or 6 months from now and it will still hold true...


That would only stay true until, was it 2020, when they stop Flash Player support.


Countercounterpoint: once a proof of concept shows it is possible to use something maliciously, in a way that isn't impractically inefficient, it will soon enough be used that way by someone.

So: don't panic, but do take precautions as soon as possible.


That looks good on paper, but it doesn't seem to be happening. Researchers aren't having trouble reproducing the exploit independently, and it didn't take long to expand and improve it, e.g. https://mobile.twitter.com/aionescu/status/95126147034336051... from almost a month ago. But malware authors just don't seem interested so far. Since it's a read-only attack and would have to be chained with other vulnerabilities for most malicious use-cases, maybe there's lower-hanging fruit or they just don't see the potential.


> malware authors just don't seem interested so far

Possibly because the issues are mostly mitigated in the wild and there are other, easier to exploit, holes out there too (particularly the water-bag problem: human engineering can be a great attack vector). So they are picking the lower-hanging fruit instead. As soon as there is a PoC that seems to have a decent ROI for the implementation time, exploits will appear in the wild.


That's Meltdown, not Spectre. And Meltdown relies on native code running with very little interference from other things causing timing to screw up.

If somebody could already run that code, they'd choose another attack method.


There is no ^publicly disclosed evidence of in-the-wild malware using Meltdown or Spectre ^yet.

The real nightmare targets are cloud providers. Many smaller providers have not patched yet.


I can assure you this is 100% false. These techniques were being used in the wild on cloud provider(s) at least as early as June 2017. I witnessed this myself.


Do you have any further info about this?



