Intellexa’s Predator spyware has the capability to bypass standard iOS privacy protections by suppressing the status bar dots that indicate when a device's camera or microphone is active. Rather than exploiting a specific flaw in the notification system itself, the malware uses existing kernel-level permissions to intercept system signals and prevent the visual warnings from appearing.

The development of Predator by the US-sanctioned firm Intellexa represents a sophisticated approach to mobile surveillance, often delivered through zero-click exploits or vulnerabilities in Chrome and Apple software. While it was previously understood that the spyware could record users in total secrecy, the technical specifics of how it neutralized Apple’s security indicators remained a mystery until a recent forensic analysis. Researchers at the mobile security firm Jamf investigated the malware's codebase to determine how it remains invisible even while actively streaming live data to its operators.

The analysis revealed that the spyware targets a specific component of the iOS interface known as SpringBoard. When a user or a background process activates a sensor like the camera or microphone, the operating system normally triggers a notification process to inform the user via a green or orange dot. Predator disrupts this flow by implementing a specialized hook function that monitors for these changes in sensor state.

This hook acts as a gatekeeper that catches every sensor update before it can be processed by the user interface. Specifically, the malware intercepts a method within the system that handles new domain data regarding hardware activity. By stopping the data at this stage, the spyware ensures that the signal to turn on the recording indicator never reaches the screen, effectively silencing the system's built-in alarm.

This method allows the operators to maintain a persistent and stealthy presence on the device, as the hardware appears to be idle even when it is fully engaged. Because the malware operates with deep system access, it can bypass the privacy features introduced in iOS 14 that were designed to give users more transparency over their data. The research highlights the ongoing battle between mobile operating system security and high-end commercial spyware designed to evade detection.

Source: Predator Spyware Hooks iOS SpringBoard to Conceal Microphone and Camera Activity