Predator Spyware Hooks iOS SpringBoard to Hide Indicators
🔍 Researchers report that Intellexa's Predator commercial spyware can suppress iOS camera and microphone recording indicators by hooking a single SpringBoard method. The malware intercepts sensor updates using a function named HiddenDot::setupHook() and nullifies the SBSensorActivityDataProvider object so the green or orange status dots never reach the UI. The technique requires prior kernel-level access and is combined with ARM64 instruction pattern matching and Pointer Authentication Code (PAC) redirection to bypass camera permission checks, while VoIP recordings also rely on the same upstream interception for stealth.
