|Mobile||T1475||Deliver Malicious App via Authorized App Store||
ZergHelper apparently evaded Apple's app review process by performing different behaviors for users from different physical locations (e.g. performing differently for users in China versus outside of China), which could have bypassed the review process depending on the country from which it was performed.
|Mobile||T1476||Deliver Malicious App via Other Means|
|Mobile||T1407||Download New Code at Runtime|