Is it possible to hide files from Terminal's ls?

macos terminal malware

I am saving some files because I need to reinstall OS X, and noticed oddly high numbers of files in some folders. Is it possible for malware to hide files from ls?


Hidden files are hidden from ls unless you use the -a or -A flag:

-A   List all entries except for . and ...  Always set for the super-user.
-a   Include directory entries whose names begin with a dot (.).

Source: ls man page

Therefore, files can be hidden by starting the filename with a . but ls will still show the file if it is run with -a or -A.

Note that not all files that are hidden with a . are malware-related. The system creates many files like this for a variety of reasons in various places on the disk that can cause problems if removed or modified.


ls is not a command that opens the directory file itself and show it's contents. It uses dirent (Directory Entries) from the C library which is used by a lot of software like stat but also bash's parameter expansion.

So the real question is then: Is it possible for malware to hide files from BSD/Darwin? No, you can't hide files from it's own system because it will turn into waste (read:free to overwrite) very soon.

Related

Can I easily copy or replicate an advanced gradient fill in keynote?
How to run apple hardware test on mavericks?
MacBook Pro can't boot: shows Apple logo then grey screen
Display IP address in an Automator alert
NTFS Drivers on Mac [duplicate]
Show hidden files in SELECT folder only
Super and admin user in OS X
Is it possible to download iOS 8 beta without Developer Account?
How to keep a file hidden in Finder, but readable, writable and visible to an app?
Force Safari 7 to open link in the current tab
Can the Mac Mini Support a 4K Monitor?
Wifi: not configured