CATEGORIES
home News

Predator Spyware Evades iOS Privacy Protections To Attack iPhone Owners

by Chris HarperMonday, February 23, 2026, 02:44 PM EDT
apple fixed three security vulnerabilities to prevent triangulation spyware
iOS users may already be aware of the commercial spyware dubbed Predator, but may not know exactly what it's capable. Fortunately, malware researchers Nir Avraham and Hu Ke have published a detailed write-up on how the Predator spyware works, including how "a single hook defeats both camera and microphone indicators simultaneously." The Predator spyware contains a helper module with 4 distinct other modules: HiddenDot, Voip, KeyLogger, and CameraEnabler. Working together, all four modules of Predator can enable full surveillance of a compromised iPhone without giving away any apparent "tells" to the end user that something is wrong. Since it's a much more thorough, extreme piece of malware versus previous exploits, which were either limited in scale or required direct physical access to a device, a breakdown like this is essential information for future patching efforts.
modules ios predator2
There's essentially a single hook that defeats all indicators simultaneously. Predator's code hook function is mounted inside iOS' SpringBoard system process and intercepts sensor activity updates from ever reaching the UI layer, so the indicators never appear. One exception to this is with VoIP recordings, where it has to rely on the HiddenDot module for stealth instead. CameraEnabler and VoIP modules hook into the mediaserverd system process as well, ensuring that nothing done on the phone escapes the eyes of the attacker while effectively turning iOS' own system processes against the end user.
versus no reboot ios predator2
The research also highlights how Predator is distinguished from another major piece of iOS malware, called NoReboot. With NoReboot, the phone appears to be off while it's still being controlled by attackers. With Predator, only surveillance indicators are suppressed, giving the end user the impression that the device is working normally and no indication that they're being spied on. Predator is so stealthy that detection requires users to monitor system processes or identify key intervals at which the camera or mic are in use by scouring logs.

The full technical rundown on Jamf.com details the code used to make these exploits possible, and will hopefully make it easier for Apple to identify and iron out vulnerabilities in future iOS updates. For now, all users can do is look out for red flags and make their iOS devices are fully updated.
Tags:  iPhone, security, ipad, ios, cybersecurity
Chris Harper

Chris Harper

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment