I am not aware of any reports of active attempts of exploitation of this bug in the wild. So for now targeted attacks only if anything. I can't calculate a probability from that.
During manual apt-get update it would look sketchy to fetch a > 1 GB file. So not that unlikely to be spotted, I would speculate.
Most at risk seem systems using unattended upgrades. (No, Whonix does not use that.) (Specifically if these are distinguishable from manual apt-get updates - they could be - if they are running at expectable times. I don't remember / haven't checked this.)