Researchers at FireEye say they’ve discovered a vulnerability, nicknamed “Masque Attack,” that lets malicious websites replace legitimate apps with malware. iOS app can be installed using enterprise/ad-hoc provisioning and they could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This new app may display an eye catching title that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps. FireEye says it notified Apple about the exploit in July, but the technique still works the iOS 8.1.1 beta.
However, practically the threat to your iOS device is relatively low. you’ll likely be fine so long as you stick to downloading from the App Store.