Though it's worth noting that the cost of Stagefright was surprisingly low - it took a long time for a good ASLR bypass to come out for it and by that time most devices were updated or replaced. Additionally, the sheer variance between Android devices means developing worm-level exploits becomes extremely difficult compared to something where everyone's running the exact same binary like Windows, so it likely only saw targeted use.