Are 'coreservicesd' & 'syslogd' disguises for keylogger apps?

Check Code Signatures

If you suspect a process on your Mac is disguising itself as part of macOS, check the process's digital code signature. You can do this with the codesign binary:

/usr/bin/codesign -d -vvvv /System/Library/CoreServices/coreservicesd

If there is no signature, it is not from Apple.

If the Authority fields do not list Apple Root CA, then it is not signed by Apple or one of their partners.


Both coreservices and syslogd are legitimate programs included in the standard installation of macOS. Thus seeing those in the process list is not in itself an indication of keyloggers.

However, it is possible that a keylogger could be camouflaging itself by using a well-known process name. You would need to identify the keylogger by something other than the process name though.