CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Predator Spyware Hides iOS Recording Indicators via SpringBoard Hooking

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Intellexa’s Predator spyware leverages kernel-level access to hook iOS SpringBoard and suppress camera and microphone activity indicators. The malware intercepts sensor activity updates, preventing the display of green or orange dots in the status bar. This allows Predator to operate stealthily, hiding its surveillance activities from users. The spyware exploits previously obtained kernel access rather than zero-day vulnerabilities.

Timeline

  1. 21.02.2026 18:13 1 articles · 6h ago

    Predator Spyware Hides iOS Recording Indicators via SpringBoard Hooking

    Researchers at Jamf analyzed Predator samples and documented how the spyware hides recording indicators on iOS 14. By hooking a single function in SpringBoard, Predator intercepts all sensor status updates before they reach the indicator display system. This prevents the green or orange dots from appearing in the status bar, allowing the spyware to operate stealthily. The analysis also revealed dead code that attempted to hook 'SBRecordingIndicatorManager' directly, which was likely abandoned in favor of the more effective upstream interception method.

    Show sources

Information Snippets