iOS malware on non-jailbroken iPhones is virtually nonexistent. There are basically only two infection vectors: App Store apps and websites, both of which are heavily controlled and sandboxed.
Typically what happens is that a website manages to do something naughty, but only while that site is open (like in the case of Chris's malicious ads) or an app manages to sneak something naughty past the App Store reviewers, but can't escape its sandbox (so it only works while the app is open) and gets shut down as soon as Apple catches on.
The worst case scenario is that a website exploits a vulnerability in Safari that allows it to execute arbitrary code with local privileges, but this is extremely difficult, rare, and Apple patches these kinds of exploits quickly.
Usually when people talk about "malware" on iOS, what they really mean is a website or app that displays trashy, annoying ads, like what Chris is seeing. It's not the same thing as malware on Android, macOS, or Windows where malicious software can actually run in the background on your system doing evil things.