Yes, malware exists for iPhones.
The malware campaign was small and targeted, affecting only 13 iPhones in India over a three-year period. The small scale of the attack probably helped the campaign remain hidden for as long as it did. The attackers set up their own mobile device management (MDM) deployment and then enrolled the targeted phones in it.
How this initial compromise occurred is still in question. It would have required either physical access to the phones or convincing the victims to download and install the malware themselves, exactly like the vast majority of malware found on the Android platform.
Once a phone was enrolled in the attackers' MDM, the attackers pushed a series of legitimate iOS apps that had been modified to carry information-stealing malware. These included versions of Telegram, WhatsApp and PrayTime. The apps operated fully as expected while also performing other tasks in the background.
The campaign collected SMS messages, telephone numbers, serial numbers, contacts and photos, along with Telegram and WhatsApp messages, and sent them back to the attackers' servers. The identities of the targeted users have not been made public; however, with such a small number of targets, we can assume that they were VIPs.
Russians Russians Russians!
The attack appears to be Indian in origin. Information from the command and control server points directly to an India-based campaign. The attackers even left information on the server from their original test devices, including the device names "test" and "mdmdev" along with the original phone number, which is a Vodafone India number.
However, the attackers planted false flags, which have become all too common. By inserting Russian-language text into the malware's code, along with Russian certificates and email addresses, the attackers tried to point researchers toward "Russian hackers". With Russian hackers being the latest bogeyman, attackers the world over are using this method to hide the true origin of their malware.