Are 'coreservicesd' & 'syslogd' disguises for keylogger apps?
Check Code Signatures
If you suspect a process on your Mac is disguising itself as part of macOS, check the process's digital code signature. You can do this with the codesign
binary:
/usr/bin/codesign -d -vvvv /System/Library/CoreServices/coreservicesd
If there is no signature, it is not from Apple.
If the Authority
fields do not list Apple Root CA
, then it is not signed by Apple or one of their partners.
Both coreservices and syslogd are legitimate programs included in the standard installation of macOS. Thus seeing those in the process list is not in itself an indication of keyloggers.
However, it is possible that a keylogger could be camouflaging itself by using a well-known process name. You would need to identify the keylogger by something other than the process name though.