I’m not a security expert by any means, but here are a few things I know as a regular user:
Always keep your system up-to-date and only download and execute software from the official Arch repository if you can help it. Malware often takes advantage of outdated systems that don’t have the latest security patches, so by staying as up-to-date as possible you’re making yourself a very difficult target. The AUR is a user-based repository and is not inherently trusted/maintained like the official Arch repos, so be careful and always read PKGBUILDs before you use AUR software. Don’t use AUR auto-updaters unless you’re reading the PKGBUILD changes every time. Ideally try not to use the AUR at all if you can help it; official Arch Linux is usually quite stable, but AUR software is often responsible for a lot of the “breakages” people tend to get with Arch. If you have to run sketchy software, use a virtual machine for it, as a 0-day VM escape is almost certainly not going to happen with any sort of malware you’d run into. ClamAV or VirusTotal may also help you scan specific files that you’re wary of, but I wouldn’t trust that a file is clean just because it passes an AV check. Also, never run anything as root unless you have a very specific reason, and even then try to use sudo instead of elevating to a full root shell.
Don’t open up any network ports on your system unless you absolutely have to, and if you’re opening an SSH port, make sure that it: isn’t the default port number, requires a keyfile for login, root cannot be logged into directly, and authentication attempts are limited to a low number. If you’re opening ports for other services, try to use Docker/Podman containers with minimal access to your system resources and not running in root mode. Also consider using something like CrowdSec or fail2ban for blocking bots crawling ports.
As far as finding out if you’re infected, I’m not sure if there’s a great way to know unless they immediately encrypt all your stuff and demand crypto. Malware could also come in the form of silent keyloggers (which you’d only find out about after you start getting your accounts hacked) or cryptocurrency miners/botnets (which probably attempt to hide their CPU/GPU usage while you’re actively using your computer). At the very least, you’re not likely to be hit by a sophisticated 0-day, so whatever malware you get on your computer probably wants something direct and uncomplicated from you.
Setting up a backup solution to a NAS running e.g. ZFS can help with preventing malware from pwning your important data, as a filesystem like ZFS can rollback its snapshots and just unencrypt the data again (even if it’s encrypted directly on the NAS). 2FA’ing your accounts (especially important ones like email) is a good way to prevent keyloggers from being able to repeat your username+password into a service and get access. Setting up a resource monitoring daemon can probably help you find out if you’re leaking resources to some kind of crypto miner, though I don’t have specific recommendations as I haven’t done this before.
In the case of what to do once you’re pwned, IMO the only real solution is to salvage and verify your data, wipe everything down, and reinstall. There’s no guarantee that the malware isn’t continually hiding itself somewhere, so trying to remove it yourself is probably not going to solve anything. If you follow all the above precautions and still get pwned, I’m fairly sure the malware will be news somewhere, and security experts may already be studying the malware’s behavior and giving tips on what to do as a resolution.
I’m speaking from an American POV on credit cards: getting a good credit score requires doing a lot of things that don’t really make sense. I’d just make your peace with that and play the game. Opening as many credit cards as possible, never missing a payment, and sending a small payment through each one once a year to keep them active is an extremely good way to build a solid credit score. Before you read further, please note that opening credit cards temporarily dips your credit score due to hard inquiries, but all forms of credit score dings are removed after a specific amount of time based on their severity; generally you can expect hard inquiries to go away after ~12 months.
The system encourages you to have a lot of accounts, and it encourages you to have a long average account age. People who never use credit cards may have a poor credit score due to lack of history, and people who only have ~one long-running credit card will have a fragile credit score due to the average account age being prone to literally breaking in half as soon as they open any other credit account. Opening as many accounts as early as you can will temporarily dip your score, but it will come back much stronger. Sometimes you’ll get rejected for a credit card and will still have to eat the hard inquiry, so it’s a delicate game of trying to open accounts and also trying not to appear too desperate. Having a lot of income also helps credit card companies be more amenable to your thin history.
Also as a last note since you seem like someone who “takes money seriously” enough to not be in debt: at least in America, credit cards are great for your finances as long as you pay them off. Credit cards do not charge you any interest or fees as long as you pay your balance on time, and generally you shouldn’t be applying for any credit cards that have an Annual Fee charge. It’s not too hard to get an unconditional 2% cashback card, which means they will give you 2 cents back for every dollar you spend (this doesn’t count as taxable income). You can further diversify to get specific 5% cards for your most-used categories like gas and utilities.