State sponsored and criminal enterprises want as great of a ROI as possible. The most common OS will garner the lions share of the attention. It's all about scale and order of magnitude. OS X is less prone to exploits simply because of the relatively small number of installs.
I would guess the most profitable types of exploits are the ones that capture login credentials for web sites where credit card and banking information is stored or used. These exploits are independent of ones hardware/software platform. I can just as easily surrender my credit card or banking information on a Mac, Android or Windows device.
If you're online, rules generally do not apply, or at least are meant to be broken.
Measure twice, cut three times, start over. Repeat as necessary.