A Look Back at How Kaspersky Lab Discovered the Very First Mobile Malware

18 Jun 2014

Ten years ago, Kaspersky Lab reported the discovery of Cabir – the first ever worm designed to attack mobile phones. Unlike most modern malware samples, Cabir wasn’t equipped with a wide range of malicious functions. Instead, it made history by proving that it was possible to infect mobile phones.

The worm was first discovered when Kaspersky Lab virus analyst Roman Kuzmenko received a suspicious email with no text in the body and only an attachment. After some analysis, he found that the attachment was written to execute on the Symbian OS – a mobile operating system which powered Nokia mobile phones.

Further analysis showed that this file was able to send itself to another phone via Bluetooth, which drained the infected phone’s battery extremely quickly. This was the only function of the newly discovered malware – it was hardly malicious. However, after discovering that the malware could send itself to other phones, Kaspersky Lab was encouraged to create a special mobile malware analysis room that prevented radio signals from leaving it. This is where Kaspersky Lab began testing new mobile malware samples.

In the malware’s code, Kaspersky Lab found mentions of “29A,” a group of malware writers notorious for developing conceptual viruses in order to prove vulnerabilities in certain systems or devices. The group published information about the Cabir malware in its e-magazine, which prompted other virus writers to develop the idea further.

Alexander Gostev, Chief Security Expert at Kaspersky Lab, said of the discovery, “Cabir was just a beginning, a starting point. Soon after we discovered it, we saw clearly that mobile threats are a very serious problem which needs a very special approach. In response, we established a whole new research division within Kaspersky Lab that was fully dedicated to mobile threats.”

After Cabir, a few hundred different viruses targeting Symbian devices were discovered. However, the number of malware samples targeting this platform started to decline rapidly after the establishment of new mobile operating systems, such as Android, which grew to be more widespread and thus more lucrative for cybercriminals. Ten years after the discovery of Cabir, Kaspersky Lab’s collection of mobile malware contains more than 340,000 unique samples, with more than 99 percent targeting the Android operating system.

More details about how Cabir was discovered, how it got its name, the epidemic it provoked and the impact that it made on the cyber security industry can be found in a blog post by Eugene Kaspersky.

To see how mobile malware has evolved during the last ten years, please check out a special Kaspersky Lab infographic.