Lately, there has been discussion about malware hidden inside deep neural networks, such as, EvilModel: Hiding Malware Inside of Neural Network Models (pdf).
I understand the hiding part, but I would like to know how that malware is assembled as a runnable program and actually run on the target machine. If a separate program is needed for that, how does that program get into the target machine?