FireEye's researchers claim that the malware could even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware could use to log into the user's account directly.
All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier.
"The vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," the researchers explained.
They verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker could also leverage this vulnerability both through wireless networks and USB.
FireEye mobile security researchers have discovered the iOS vulnerability earlier this summer have already notified Apple about it.
Recently Claud Xiao discovered the "WireLurker" malware, which also started to utilize a limited form of Masque Attacks to attack iOS devices through USB, FireEye said.
iOS users can protect themselves from Masque Attacks by not installing apps from third-party sources other than Apple's official App Store or the users' own organizations. They should also never click "Install" on any pop-ups from third-party web pages, and uninstall any possible app that shows an iOS alert with "Untrusted App Developer" upon opening.