CoreLock protects your Mac with AI-powered behavioral analysis that catches threats traditional antivirus misses. It scans 8 security areas — running processes, network connections, app certificates, privacy permissions (camera, microphone, screen), startup items, file system health, and system performance — all in under 60 seconds. Everything runs 100% locally on your device with no cloud uploads, no telemetry, and no data collection. CoreLock uses the same detection techniques trusted by security professionals, packaged into an app anyone can use with zero configuration required.
AI watches how apps behave on your computer — not just checking a list. It catches brand-new threats, suspicious apps, and hidden dangers that traditional antivirus misses.
8 detection engines · Last scanned: 2 min ago
Health Score
Unsigned app running from ~/Downloads
Unknown binary without code signature detected
High CPU usage: node (47%)
Full audit of app permissions — camera, microphone, screen recording, file access — across every installed application. See who has access and revoke it.
Full permission audit · 4 permission categories scanned
Camera: 4 apps · Microphone: 2 apps · Screen Recording: 1 app · Full Disk Access: 3 apps
Monitor CPU, RAM, and battery usage in real time. Identify resource hogs, bloated startup items, and background processes draining your system.
Real-time monitoring · System resource monitor
Top Processes: Chrome (18% CPU, 1.2 GB) · VS Code (12% CPU, 890 MB) · Slack (4% CPU, 340 MB)
Tip: Chrome is using 18% CPU with 47 tabs open. Closing unused tabs could free 600 MB.
CoreLock uses the same detection techniques trusted by security professionals — packaged into an app anyone can use.
Finds malware that constantly changes to avoid detection — including brand-new threats no one has seen before. The same technology security professionals rely on.
Checks if every app on your computer is legitimate and safe. Spots apps that have been tampered with, aren't from trusted sources, or shouldn't be there.
Checks your files against a constantly updated list of known dangerous programs. If something bad is on your computer, CoreLock recognizes it instantly.
Watches your internet traffic to spot when apps are secretly sending your data somewhere they shouldn't, or taking commands from bad actors.
Checks what runs when your computer starts up. Makes sure no sneaky programs are loading automatically without your knowledge.
Shows you exactly which apps can access your camera, microphone, screen, and files — so you can revoke anything that shouldn't be there.
All scanning, analysis, and AI processing happens entirely on your machine. No cloud uploads, no telemetry, no phone-home behavior. Your files stay yours.
Unlike most security tools that send your file hashes, scan results, or behavioral data to remote servers, CoreLock processes everything on-device. Your security is genuinely private.
Known macOS malware that CoreLock detects. Learn how each threat works, signs of infection, and step-by-step removal guides.
Atomic Stealer (AMOS) is a sophisticated macOS information stealer sold as malware-as-a-service on Telegram for around $1,000/month. It targ...
Realst is a macOS information stealer written in Rust that targets cryptocurrency users through fake blockchain games. It steals browser dat...
AdLoad is one of the most persistent adware families targeting macOS, active since at least 2017. It installs browser proxy configurations a...
Shlayer is one of the most widespread macOS threats, accounting for nearly 30% of all macOS malware detections at its peak. It primarily ser...
Banshee Stealer is a macOS information stealer that emerged in mid-2024, initially sold for $3,000/month. It steals from 9+ browsers, crypto...
EvilQuest (also called ThiefQuest) is a macOS ransomware that combines file encryption with keylogging and cryptocurrency wallet theft. Dist...
KeRanger was the first fully functional ransomware targeting macOS, discovered in March 2016. It was distributed through a compromised versi...
Silver Sparrow was a mysterious macOS malware discovered on nearly 30,000 Macs across 153 countries in February 2021. It was notable for bei...
XCSSET is a sophisticated macOS malware that infects Xcode developer projects. When a developer builds an infected project, the malware exec...
Cuckoo is a macOS spyware discovered in 2024 that combines information stealing with persistent spying capabilities. It can capture screensh...
MacStealer is a macOS information stealer distributed through Telegram that targets passwords, cryptocurrency wallets, and browser data. It ...
Pirrit is an aggressive macOS adware that has been active since 2016, with roots in older Windows adware. It injects advertisements, redirec...
Bundlore is a macOS adware bundler that packages potentially unwanted programs with legitimate-looking software installers. It has been one ...
Lazarus Group is a North Korean state-sponsored APT that has increasingly targeted macOS users, particularly in the cryptocurrency and finan...
RustBucket is a macOS backdoor attributed to BlueNoroff, a sub-group of North Korea's Lazarus Group. It uses a multi-stage attack chain: a f...
ClickFix is a social engineering technique where malicious websites display fake error messages — broken CAPTCHAs, browser errors, or system...
Cthulhu Stealer is a macOS information stealer sold as malware-as-a-service for $500/month — significantly cheaper than competitors like Ato...
Genieo is one of the most widespread adware families ever to target macOS. It installs a browser hijacker that replaces the user's default h...
OSX.Proton is a sophisticated macOS remote access trojan (RAT) that gives attackers full control over an infected Mac. It was sold on underg...
UpdateAgent is a macOS trojan that has evolved significantly since its discovery, gaining the ability to bypass macOS Gatekeeper protections...
CoinMiner is a family of macOS cryptocurrency mining malware that secretly uses the victim's CPU and GPU resources to mine cryptocurrency — ...
CloudMensis is a sophisticated macOS spyware discovered by ESET researchers that abuses legitimate cloud storage services — including pCloud...
VSearch is a persistent macOS adware that injects advertisements into web pages and search results across all browsers. It installs a system...
Dok is a macOS trojan that performs man-in-the-middle (MITM) attacks by installing a malicious proxy configuration and a fake root certifica...
Eleanor is a macOS backdoor that was distributed through a fake application called EasyDoc Converter, which claimed to be a file format conv...
Check which apps have access to your camera, microphone, screen, and files. Learn how to revoke permissions you didn't approve.
Camera access lets an app capture photos and video using your Mac's built-in camera or any connected external webcam. On...
Microphone access allows an app to capture audio through your Mac's built-in microphone or any connected external microp...
Screen Recording permission lets an app capture everything visible on your screen, including other apps, documents, pass...
Full Disk Access gives an app unrestricted access to all files on your Mac, including Mail, Messages, Safari data, Time ...
Accessibility access lets an app control your Mac — it can click buttons, read text in any window, simulate keyboard inp...
Input Monitoring allows an app to monitor all keyboard and mouse input across your entire Mac, regardless of which app i...
Location Services lets an app determine your physical location using Wi-Fi positioning, Bluetooth, and (on some Macs) GP...
Contacts permission gives an app read (and sometimes write) access to your macOS Contacts database — names, phone number...
Calendars permission gives an app access to your calendar events, including event titles, times, locations, attendees, n...
Photos permission gives an app access to your entire Apple Photos library, including all photos and videos, their metada...
Files and Folders permission grants an app access to specific directories on your Mac — typically Desktop, Documents, Do...
Automation permission lets one app control another app using AppleScript, Apple Events, or the Shortcuts framework. This...
Developer Tools permission allows an app to run software that doesn't meet the system's normal security policies — such ...
Bluetooth permission lets an app discover and communicate with nearby Bluetooth devices. This includes peripherals like ...
23 apps with camera access · Is your Mac sending data without permission?
Not sure what a process on your Mac does? Look it up here. Learn if it's safe, what causes high CPU, and when to worry.
mds_stores is a core macOS system process responsible for maintaining the Spotlight search index. It reads file metadata — names, content, d...
kernel_task is the macOS kernel's own process. It handles core operating system functions including memory management, process scheduling, h...
WindowServer is the core macOS process responsible for compositing and rendering everything you see on screen. It manages all window drawing...
launchd is the first process that runs when macOS boots (PID 1) and serves as the system's init and service management framework. It is resp...
trustd is the macOS daemon responsible for evaluating certificate trust chains. Whenever your Mac needs to verify an SSL/TLS certificate for...
cloudd is the background daemon that handles CloudKit operations on macOS. CloudKit is Apple's framework for syncing data between your devic...
bird (sometimes called 'birdd') is the macOS daemon responsible for syncing files between your Mac and iCloud Drive. It handles the upload a...
nsurlsessiond is the macOS background daemon that handles URL-based download and upload tasks on behalf of applications. When an app uses Ap...
mdworker is a helper process spawned by the Spotlight metadata server (mds). While mds_stores manages the search index database, mdworker pr...
coreaudiod is the central audio management daemon on macOS. It handles all audio input and output routing, manages audio device connections,...
loginwindow manages your macOS login session from start to finish. It presents the login screen, authenticates your credentials, launches th...
distnoted is the macOS daemon that delivers distributed notifications between processes. When one application needs to notify other applicat...
cfprefsd manages the macOS preferences system. It handles reading and writing all .plist preference files for both system and user applicati...
sandboxd enforces the macOS App Sandbox — a security technology that restricts what applications can access. When an app is sandboxed, sandb...
syspolicyd implements macOS Gatekeeper — the security feature that verifies applications are from identified developers or the Mac App Store...
tccd manages the macOS TCC (Transparency, Consent, and Control) framework — the privacy permission system that controls which apps can acces...
powerd is the macOS daemon responsible for system power management. It controls sleep/wake behavior, display sleep timing, battery charge ma...
fseventsd is the macOS daemon that monitors and records file system changes in real time. It maintains a persistent log of which directories...
symptomsd is the macOS network diagnostics daemon that monitors network quality and connectivity health. It collects data about network inte...
rapportd is the macOS daemon that handles local device discovery and communication for features like Universal Clipboard, Handoff, AirPlay, ...
sharingd is the macOS daemon that handles AirDrop file transfers, Shared Computers discovery in Finder, and parts of the Handoff system. It ...
bluetoothd is the macOS daemon that manages all Bluetooth hardware and connections. It handles device pairing, maintains connections to pair...
wifid is the macOS daemon that manages all Wi-Fi operations. It controls the Wi-Fi hardware, handles scanning for available networks, manage...
syslogd is the macOS system logging daemon that collects, stores, and manages log messages from the kernel, system services, and application...
notifyd is the macOS daemon that provides the low-level notify(3) notification mechanism used for lightweight inter-process communication. U...
UserEventAgent is a macOS system process that manages user-level system events and loads plug-ins that respond to those events. It acts as a...
AMPDevicesAgent is a macOS process that manages communication between Apple Music (and the broader Apple media framework) and connected devi...
airportd is the macOS daemon responsible for managing the Wi-Fi hardware and wireless network connections. It handles scanning for available...
coreduetd is a macOS daemon that collects usage patterns and interaction data to power intelligent features like Siri Suggestions, Handoff, ...
accountsd is the macOS daemon that manages all internet accounts configured in System Settings, including iCloud, Google, Microsoft Exchange...
mDNSResponder is the macOS daemon that implements Bonjour, Apple's zero-configuration networking protocol. It handles multicast DNS (mDNS) f...
XProtect is Apple's built-in antimalware system on macOS that automatically scans downloaded files and applications for known malware signat...
MRT (Malware Removal Tool) is Apple's built-in malware cleanup utility on macOS. Unlike XProtect, which prevents malware from running, MRT a...
softwareupdated is the macOS background daemon responsible for checking, downloading, and preparing system software updates. It periodically...
CalendarAgent is the macOS background process that manages calendar data synchronization between the Calendar app and your configured calend...
Download CoreLock and find out what's really happening on your computer in under 60 seconds. No account needed.
Free forever · No credit card · Apple Notarized