Botnets targeting android devices are a thing, here’s an example: https://blog.fox-it.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/
In this example, they’re renting access for thousands of dollars. These people have a clear motivation to find ways to exploit devices and unpatched CVEs are an easy way for them to do that.
The xz compromise having demonstrated that FOSS projects are totally immune to interference from state actors…