How does the attack vector that you describe differ from being connected to your office or home network? Once this kind of malicious app that you describe is running on your machine, it doesn’t matter any longer what kind of network you’re connected to.
Coffee shop WiFi is shorthand for "any connection that isn't locked down with all unusual ports blocked in both directions, common ports blocked for outbound connections, and monitored for unusual activity." Having a compromised machine shouldn't be the end of the world; you should have layers of security that all have to fail for something bad to happen.
If your approach to security is "I really hope this machine doesn't get compromised" then you're not doing a good enough job.
Also, as bmm6o says, keeping prod data in your secure, pentested prod environment avoids the problem in the first place.
