Are 'coreservicesd' & 'syslogd' disguises for keylogger apps?

malware

Check Code Signatures

If you suspect a process on your Mac is disguising itself as part of macOS, check the process's digital code signature. You can do this with the codesign binary:

/usr/bin/codesign -d -vvvv /System/Library/CoreServices/coreservicesd

If there is no signature, it is not from Apple.

If the Authority fields do not list Apple Root CA, then it is not signed by Apple or one of their partners.


Both coreservices and syslogd are legitimate programs included in the standard installation of macOS. Thus seeing those in the process list is not in itself an indication of keyloggers.

However, it is possible that a keylogger could be camouflaging itself by using a well-known process name. You would need to identify the keylogger by something other than the process name though.

Related

iPhone to make a sound when it shuts down due to low battery
How to reset default shell for root from user space
How to prevent terminal from printing passwords from keychain?
Why do I have a /home folder and do I need it?
Where's the iMessage contact icon stored? [duplicate]
init function invocation of drivers compiled into kernel
VBA - Range to jpg picture
Initialize device array in CUDA
web.config and app.config confusion
Replace keys in template string with object properties
How to connect the device to Eclipse?
How to get do a join in angularfire2 database