ZergHelper is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. [1]
Domain | ID | Name | Use
---|---|---|---
Mobile | T1475 | Deliver Malicious App via Authorized App Store | ZergHelper apparently evaded Apple's app review process by behaving differently for users in different physical locations (e.g. behaving differently for users in China versus outside of China), which could have bypassed review depending on the country from which the review was performed.[1]
Mobile | T1476 | Deliver Malicious App via Other Means | ZergHelper abuses enterprise certificates and personal developer certificates to sign and distribute apps outside the App Store.[1]
Mobile | T1407 | Download New Code at Runtime | ZergHelper attempts to extend its capabilities by dynamically updating its own code at runtime.[1]
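The T1476 row above describes distribution via enterprise and personal certificates rather than the App Store. A practical triage check for that is to look at the provisioning profile an IPA carries: an enterprise (in-house) profile sets `ProvisionsAllDevices`, a personal developer or ad-hoc profile lists specific `ProvisionedDevices`, and an App Store profile has neither. The script below is an added example written for this page, not code from ATT&CK or from the ZergHelper analysis it cites; the sample profile bytes and the IPA built around them are constructed for the demonstration, and the `embedded.mobileprovision` parsing only locates the plist inside the CMS blob without verifying its signature.

```python
import io
import plistlib
import re
import zipfile

# embedded.mobileprovision is a CMS (PKCS#7) signed blob whose signed content is
# an XML plist; for triage it is enough to locate the plist inside the blob.
PLIST_RE = re.compile(rb"<\?xml.*?</plist>", re.DOTALL)
PROFILE_PATH_RE = re.compile(r"Payload/[^/]+\.app/embedded\.mobileprovision")

# Constructed sample: the plist of an enterprise distribution profile, wrapped in
# junk bytes to stand in for the surrounding CMS structure. Names are made up.
ENTERPRISE_PROFILE = (
    b"\x30\x82\x01\x00<not-the-plist>"
    + b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>AppIDName</key><string>Example App</string>
  <key>Name</key><string>Example In-House Distribution</string>
  <key>TeamName</key><string>Example Corp</string>
  <key>ProvisionsAllDevices</key><true/>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.app</string>
    <key>get-task-allow</key><false/>
  </dict>
</dict>
</plist>"""
    + b"\x00\x00trailing-signature-bytes"
)


def extract_profile_plist(blob: bytes) -> dict:
    """Return the provisioning profile plist embedded in a CMS blob (unverified)."""
    match = PLIST_RE.search(blob)
    if not match:
        raise ValueError("no plist found in provisioning profile")
    return plistlib.loads(match.group(0))


def classify_profile(profile: dict) -> str:
    """Map profile keys to the distribution model they imply."""
    entitlements = profile.get("Entitlements", {})
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"           # in-house distribution, installs on any device
    if "ProvisionedDevices" in profile:
        # Personal developer certificates produce device-bound profiles; debuggable
        # builds (get-task-allow) are development, the rest are ad-hoc.
        return "development" if entitlements.get("get-task-allow") else "ad-hoc"
    return "app-store"


def inspect_ipa(ipa_bytes: bytes) -> dict:
    """Locate the embedded profile in an IPA and summarise how the app was signed."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        names = [n for n in ipa.namelist() if PROFILE_PATH_RE.fullmatch(n)]
        if not names:
            return {"kind": "unknown", "reason": "no embedded.mobileprovision in bundle"}
        profile = extract_profile_plist(ipa.read(names[0]))
    return {
        "kind": classify_profile(profile),
        "team": profile.get("TeamName"),
        "profile_name": profile.get("Name"),
        "app_id": profile.get("Entitlements", {}).get("application-identifier"),
    }


def build_sample_ipa(profile_blob: bytes) -> bytes:
    """Construct a minimal IPA-shaped zip around a profile blob (test fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ipa:
        ipa.writestr("Payload/Example.app/Info.plist", "<plist version=\"1.0\"><dict/></plist>")
        ipa.writestr("Payload/Example.app/embedded.mobileprovision", profile_blob)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_ipa(build_sample_ipa(ENTERPRISE_PROFILE)))
```

An "enterprise" or "ad-hoc" result on an app that users believe came from the App Store is the signal this check is after; a real deployment would also validate the CMS signature and the expiry and team identity in the profile before drawing conclusions.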