Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views.