The only way to get a Remote Access Trojan on an iOS device would be to jailbreak it to remove the inherent iOS limitations of file system and app sandboxes and to open restricted ports (that are blocked by iOS itself by default). So someone would need direct physical access to your iOS device and a computer to install a RAT exploit into it. Even if you accessed a web site or email with a RAT package hidden in it, it cannot execute or do anything on a normal iOS installation.
In OS X a downloaded RAT package would require root or admin password to be entered to gain permission to install and run. In Windows, if you are an admin user, all you need do is click a bad link and it can execute, install and run. That’s why Windows machines are the prime target of most trojan exploits - Windows (at least with a default personal user installation) has very weak admin authority security compared to OS X, Linux or iOS.
A simple mouse click at the wrong time or without paying attention to a dialogue box can exploit a Windows box. OS X would require not only a mouse click, but you’d have to physically type in the admin password to execute malware like that. iOS is simple incapable of doing anything with such a file as any app accessing it doesn’t have any access to iOS itself or the things it needs outside of the app’s sandbox.
