The spyware is delivered either via the aforementioned app, or via an SMS or email that contain a specially crafted URL that will trigger exploits for several vulnerabilities in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean.

This will allow the attacker to gain root privilege, and allow the installation of a shell backdoor and RCS Android.

Source: Hacking Team’s RCS Android: The most sophisticated Android malware ever exposed