Achieving MITM status is a very different thing from installing a rootkit, in my mind. The summary left out how the two could be connected but the article mention something about it:
Coderman’s report suggests that, like Wi-Fi MITM, which regularly harasses surfers at DEF CONs and other hacker conventions, the attackers were able to inject custom packets into the 4G and CDMA data stream. These forged packets allowed the attackers to create on-screen prompts that, if clicked, installed a rootkit on the PC or Android device.
So, to install the rootkit, you also need to exploit a bug in the user. Where do I file the bug report?