ZergHelper is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. [1]

ID: S0287
Platforms: iOS

Version: 1.1

Techniques Used

Mobile, T1475, Deliver Malicious App via Authorized App Store: ZergHelper apparently evaded Apple's app review process by behaving differently for users in different physical locations (e.g., for users in China versus outside China), which could bypass review depending on the country from which the review was performed.[1]

Mobile, T1476, Deliver Malicious App via Other Means: ZergHelper abuses enterprise certificates and personal certificates to sign and distribute apps.[1]

Mobile, T1407, Download New Code at Runtime: ZergHelper attempts to extend its capabilities by dynamically updating its code.[1]
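The enterprise-certificate abuse under T1476 leaves a checkable artifact: an iOS app signed for in-house distribution ships an embedded.mobileprovision whose plist has ProvisionsAllDevices set to true, whereas ad hoc and development profiles list ProvisionedDevices and App Store profiles carry neither. The following is an added worked check written for this page; it is not code from the ATT&CK entry or from the analysis it cites. It assumes the standard provisioning-profile plist keys (ProvisionsAllDevices, ProvisionedDevices, Entitlements, get-task-allow, TeamName, ExpirationDate) and that the XML plist appears contiguously inside the CMS envelope; the sample profiles and their team names, bundle identifier and device identifier are constructed.

```python
import plistlib
from datetime import datetime, timezone
from typing import Optional


def extract_plist(profile: bytes) -> bytes:
    """Pull the XML plist out of a CMS-wrapped .mobileprovision blob.

    A provisioning profile is DER-encoded CMS SignedData whose payload is an
    XML plist. Slicing between '<?xml' and '</plist>' recovers the payload but
    does NOT verify the signature; for a verified decode on macOS use
    `security cms -D -i embedded.mobileprovision` instead.
    """
    start = profile.find(b"<?xml")
    end = profile.find(b"</plist>", start) if start >= 0 else -1
    if start < 0 or end < 0:
        raise ValueError("no XML plist found in provisioning profile")
    return profile[start:end + len(b"</plist>")]


def classify_profile(profile: bytes, now: Optional[datetime] = None) -> dict:
    """Classify a provisioning profile by how it lets the app run.

    Heuristic on standard profile keys (an assumption of this example, not
    taken from the ATT&CK page):
      ProvisionsAllDevices == true   -> enterprise (in-house) distribution
      ProvisionedDevices present     -> ad hoc, or development if get-task-allow
      neither                        -> App Store distribution
    """
    p = plistlib.loads(extract_plist(profile))
    entitlements = p.get("Entitlements", {})
    if p.get("ProvisionsAllDevices") is True:
        kind = "enterprise"
    elif "ProvisionedDevices" in p:
        kind = "development" if entitlements.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    # plistlib yields naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    expires = p.get("ExpirationDate")
    return {
        "kind": kind,
        "team": p.get("TeamName"),
        "app_id": entitlements.get("application-identifier"),
        "expired": bool(expires and expires < now),
        # An enterprise-signed app on a device not enrolled with that team's
        # MDM is the sideloading pattern the T1476 entry describes.
        "sideload_risk": kind == "enterprise",
    }


def build_sample_profile(plist: dict) -> bytes:
    """Constructed fixture: wrap a plist in filler bytes that stand in for the
    CMS envelope. Real profiles are DER-encoded; this only mimics the
    'plist inside a binary blob' layout that extract_plist relies on."""
    return b"\x30\x82\x10\x00" + bytes(16) + plistlib.dumps(plist) + bytes(8)


# Constructed sample profiles (all names and identifiers are placeholders).
ENTERPRISE_PROFILE = build_sample_profile({
    "Name": "Example In-House Distribution",
    "TeamName": "Example Corp (constructed)",
    "ProvisionsAllDevices": True,
    "ExpirationDate": datetime(2030, 1, 1),
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.app",
                     "get-task-allow": False},
})
ADHOC_PROFILE = build_sample_profile({
    "Name": "Example Ad Hoc",
    "TeamName": "Example Dev (constructed)",
    "ProvisionedDevices": ["0000000000000000000000000000000000000000"],
    "ExpirationDate": datetime(2020, 1, 1),
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.app",
                     "get-task-allow": False},
})

if __name__ == "__main__":
    for label, prof in (("enterprise", ENTERPRISE_PROFILE), ("ad-hoc", ADHOC_PROFILE)):
        print(label, classify_profile(prof))
```

Run it against a real IPA by unzipping the archive and passing the bytes of Payload/<App>.app/embedded.mobileprovision to classify_profile; an app obtained outside the App Store or a corporate MDM that classifies as "enterprise" is the distribution pattern described above and warrants checking which team signed it and whether the certificate has since been revoked.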