I think there's a rootkit installed on my device. Please help.

Does anyone know how to fix their launch agents list to remove suspicious applications.

I found out there is a "codesigning" tool allowing suspicious applications to snatch Apple's certificates and codesign their own binaries with them. How do I know, I've literally done it test the restrictions / requirements. Once a binary or application has been signed, it can run anywhere and the system will trust it.

I found a process called com.apple.seserviced in the file path /usr/libexec/seserviced.

I checked the entitlments and this straight up looks like a commercial sized entrance for this binaries to trample on my computer and iPhone. I'm thinking about putting the code in jail or a lock on the file until I can figure out it's purpose.

codesign -d --entitlements :- /usr/libexec/seserviced <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>allow-softwareupdated</key><true/><key>application-identifier</key><string>com.apple.seserviced</string><key>com.apple.BTServer.allowLEConnectionHandleQuery</key><true/><key>com.apple.CommCenter.fine-grained</key><array><string>cellular-plan</string></array><key>com.apple.NPKCompanionAgent.client</key><true/><key>com.apple.aop.rose.controller.admin</key><true/><key>com.apple.application-identifier</key><string>com.apple.seserviced</string><key>com.apple.authkit.client.private</key><true/><key>com.apple.bluetooth.pairedInfoSecurity</key><true/><key>com.apple.bluetooth.system</key><true/><key>com.apple.cards.all-access</key><true/><key>com.apple.developer.hardened-process</key><true/><key>com.apple.developer.homekit</key><true/><key>com.apple.duet.activityscheduler.allow</key><true/><key>com.apple.frontboard.launchapplications</key><true/><key>com.apple.internal.seserviced.all.endpoints.and.cas</key><true/><key>com.apple.keystore.access-keychain-keys</key><true/><key>com.apple.keystore.sik.access</key><true/><key>com.apple.mobileactivationd.bridge</key><true/><key>com.apple.mobileactivationd.device-identifiers</key><true/><key>com.apple.mobileactivationd.spi</key><true/><key>com.apple.nano.nanoregistry.generalaccess</key><true/><key>com.apple.nearbyd.diagnostics</key><true/><key>com.apple.nearbyd.xpc</key><true/><key>com.apple.nearbyinteraction.background</key><true/><key>com.apple.nfcd.event.notification</key><true/><key>com.apple.nfcd.hce</key><true/><key>com.apple.nfcd.hwmanager</key><true/><key>com.apple.nfcd.session.credential.manager</key><true/><key>com.apple.nfcd.session.fieldOperations</key><true/><key>com.apple.nfcd.session.lpemConfig</key><true/><key>com.apple.nfcd.session.se</key><true/><key>com.apple.nfcd.session.trust</key><true/><key>com.apple.payment.all-access</key><true/><key>com.apple.peerpayment.all-access</key><true/><key>com.apple.private.MobileGestalt.AllowedProtectedKeys</key><array><string>UniqueDeviceID</string><string>BootManifestHash</string><string>ArrowChipID</string><string>ArrowUniqueChipID</string><string>UniqueChipID</string><string>SerialNumber</string></array><key>com.apple.private.accounts.allaccounts</key><true/><key>com.apple.private.applecredentialmanager.allow</key><true/><key>com.apple.private.applesse.allow</key><true/><key>com.apple.private.assets.accessible-asset-types</key><array><string>com.apple.MobileAsset.SecureElementServiceAssets</string></array><key>com.apple.private.carkit.pairing</key><true/><key>com.apple.private.ckks</key><true/><key>com.apple.private.credential-state-access</key><true/><key>com.apple.private.homekit</key><true/><key>com.apple.private.homekit.home-location</key><true/><key>com.apple.private.homekit.location</key><true/><key>com.apple.private.ids.messaging</key><array><string>com.apple.private.alloy.keysharing</string></array><key>com.apple.private.ids.messaging.urgent-priority</key><array><string>com.apple.private.alloy.keysharing</string></array><key>com.apple.private.ids.remotecredentials</key><true/><key>com.apple.private.imcore.imremoteurlconnection</key><true/><key>com.apple.private.nearbyinteraction.privileged</key><true/><key>com.apple.private.octagon</key><true/><key>com.apple.private.octagon.secureelement</key><true/><key>com.apple.private.security.bootpolicy</key><true/><key>com.apple.private.security.storage.SecureElementService</key><true/><key>com.apple.private.security.storage.os_eligibility.readonly</key><true/><key>com.apple.private.seserviced.sereservation.client</key><true/><key>com.apple.private.tcc.allow</key><array><string>kTCCServiceWillow</string></array><key>com.apple.private.tcc.manager.access.read</key><array><string>kTCCServiceAll</string></array><key>com.apple.private.tcc.manager.check-by-audit-token</key><array><string>kTCCServiceAll</string></array><key>com.apple.runningboard.private.se.credential</key><true/><key>com.apple.runningboard.process-state</key><true/><key>com.apple.runningboard.seserviced</key><true/><key>com.apple.security.attestation.access</key><true/><key>com.apple.security.exception.files.absolute-path.read-only</key><array><string>/System/AppleInternal/Library/</string><string>/System/Library/Preferences/Logging/</string><string>/AppleInternal/Library/Preferences/Logging/</string><string>/Library/Preferences/Logging/</string><string>/usr/local/SLAM/</string><string>/private/var/hardware/FactoryData/System/Library/Caches/com.apple.factorydata/</string><string>/usr/libexec/</string><string>/usr/standalone/firmware/SLAM/</string><string>/private/preboot/</string><string>/private/var/db/os_eligibility/eligibility.plist</string><string>/private/var/db/nearbyd</string></array><key>com.apple.security.exception.files.home-relative-path.read-write</key><array><string>Library/HTTPStorages/com.apple.secureelementservice/</string><string>Library/HTTPStorages</string><string>Library/Caches/com.apple.secureelementservice/</string><string>Library/Logs/AppleSSE.log</string><string>Library/SecureElementService/</string><string>Library/Caches/com.apple.seserviced/</string></array><key>com.apple.security.exception.iokit-user-client-class</key><array><string>AppleSSEUserClient</string><string>AppleCredentialManagerUserClient</string><string>AppleSPURoseDriverUserClient</string><string>AppleSPUUserClient</string><string>IOHIDEventServiceFastPathUserClient</string><string>IOReportUserClient</string></array><key>com.apple.security.exception.mach-lookup.global-name</key><array><string>com.apple.NPKCompanionAgent.Server</string><string>com.apple.softposreaderd</string><string>com.apple.SBUserNotification</string><string>com.apple.carkit.pairing.service</string><string>com.apple.NPKCompanionAgent.library</string><string>com.apple.passd.library</string><string>com.apple.bluetooth.xpc</string><string>com.apple.powerlog.plxpclogger.xpc</string><string>com.apple.securityd.ckks</string><string>com.apple.security.octagon</string><string>com.apple.nearbyd.xpc.diagnostics</string><string>com.apple.secureelementservice.test.events</string><string>com.apple.seservicexctests.credential-events</string><string>com.apple.passd.nf-events</string><string>com.apple.nfcd.credential-events</string><string>com.apple.seld.tsmmanager</string><string>com.apple.passd.payment</string><string>com.apple.identityservicesd.embedded.auth</string><string>com.apple.server.bluetooth.le.pipe.xpc</string><string>com.apple.server.bluetooth.le.att.xpc</string><string>com.apple.nearbyd.xpc.ranging</string><string>com.apple.nfcd.hwmanager</string><string>com.apple.CoreAuthentication.daemon</string><string>com.apple.ak.auth.xpc</string><string>com.apple.PowerManagement.control</string><string>com.apple.idsremoteurlconnectionagent.embedded.auth</string><string>com.apple.nearbyd.xpc.nearbyinteraction</string><string>com.apple.commcenter.coretelephony.xpc</string><string>com.apple.carousel.connectionstatusservice</string><string>com.apple.SBUserNotification</string><string>com.apple.wallet.application-authorization</string><string>com.apple.duet.activityscheduler</string><string>com.apple.frontboard.systemappservices</string><string>com.apple.SESAngel.mach</string><string>com.apple.passd.device-registration</string><string>com.apple.mobileactivationd</string><string>com.apple.seserviced.sereservation.client</string><string>com.apple.CellularPlanDaemon.xpc</string><string>com.apple.surfboard.applicationservice</string><string>com.apple.surfboard.scenesessionservice</string><string>com.apple.spotlight.IndexAgent</string></array><key>com.apple.security.exception.process-info</key><true/><key>com.apple.security.exception.shared-preference.read-only</key><array><string>com.apple.mobileactivationd</string><string>com.apple.nsurlcache</string><string>com.apple.facetime.bag</string><string>com.apple.imessage.bag</string><string>com.apple.AppSupport.plist</string><string>com.apple.stockholm</string></array><key>com.apple.security.exception.shared-preference.read-write</key><array><string>com.apple.seserviced.shared</string><string>com.apple.seserviced</string><string>com.apple.secureelementservice</string><string>com.apple.seserviced.contactlessCredential.settings</string><string>com.apple.seserviced.designatedkeys</string><string>com.apple.carkey.settings</string></array><key>com.apple.security.network.client</key><true/><key>com.apple.security.ts.identity-services-client</key><true/><key>com.apple.security.ts.power-assertions</key><true/><key>com.apple.security.ts.read-factory-files</key><true/><key>com.apple.security.ts.springboard-services</key><true/><key>com.apple.seld.tsmmanager</key><true/><key>com.apple.seserviced.SESUIServiceApp.session</key><true/><key>com.apple.seserviced.seendpoints</key><true/><key>com.apple.seserviced.seendpoints.certificateauthorities</key><true/><key>com.apple.softposreaderd</key><integer>2</integer><key>com.apple.softposreaderd.provision</key><integer>2</integer><key>com.apple.springboard.monitorAppSwitcherUserQuit</key><true/><key>com.apple.springboard.remote-alert</key><true/><key>com.apple.sts.xpcservice.client</key><true/><key>com.apple.wallet.application-authorization</key><true/><key>keychain-access-groups</key><array><string>com.apple.internal.seserviced.keysync.recoveryblobs</string><string>com.apple.internal.seserviced.fidokeys</string><string>lockdown-identities</string><string>com.apple.seserviced</string><string>com.apple.private.seserviced.privacykeys</string></array><key>platform-application</key><true/><key>seatbelt-profiles</key><array><string>temporary-sandbox</string></array></dict></plist>