Vulnerabilities in the BlueStacks Android emulator were fixed at the end of May that allowed attackers to perform remote code execution, information disclosure, and to steal backups of the VM and its data. The vulnerability was discovered and reported by security researcher Nick Cano in April and was fixed in the latest version 4.90.0.1046, which was released on May 27th, 2019 along with an advisory. The fix was not backporting this fix to versions 2 or 3, so users are strongly advised to upgrade to version 4 as soon as possible.
Source: https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/