Which operating system was targeted by the first ever mobile phone virus?

The first known mobile phone virus was Cabir, also referred to as Caribe. Discovered in June 2004 by Kaspersky Lab, Cabir primarily targeted mobile devices running the Symbian operating system, an OS widely used in Nokia phones during the early 2000s. Although the virus itself was not overtly malicious, it marked a pivotal moment in cybersecurity history by demonstrating that mobile phones were vulnerable to malware.

Cabir functioned as a Bluetooth worm, meaning it propagated by sending itself to nearby Bluetooth-enabled devices. While its ability to spread was limited – since it required users to manually accept the file transfer – it succeeded in raising awareness about the risks of mobile connectivity. Interestingly, Cabir was not just limited to Symbian devices; it attempted to transmit itself to any Bluetooth-capable device in range, including desktop computers, printers, and other electronics, although it could only infect Symbian phones.

The worm was allegedly named after a Kaspersky employee, Elena Kabirova, and was designed specifically for Series 60 Nokia phones, which ran the Symbian OS. Users would receive a file named Caribe.sis, and if they accepted the installation, the worm would display the word “Caribe” on the screen and start attempting to spread itself to other nearby devices. In some cases, it repeatedly prompted users until they accepted, though it required human interaction to install.

Cabir was created by a hacker group known as 29A, and it was intended as a proof of concept rather than a weaponized threat. The group sent the worm to several antivirus companies, where analysts determined that the virus posed little danger in its current form. Nevertheless, Cabir’s emergence underscored the potential for more serious mobile threats.

Following Cabir, more sophisticated mobile malware began to appear. For instance:

• Mabir, a variant of Cabir, could spread via both Bluetooth and MMS, using cellular networks to infect more devices.
• Commwarrior, another Symbian-targeting worm, also spread via MMS and Bluetooth, and was more aggressive in its propagation.
• Ikee, discovered in 2009, became the first known worm to affect Apple’s iPhone, targeting jailbroken devices and altering their wallpapers to display an image of singer Rick Astley, a nod to the “Rickroll” meme.

As smartphones became central to everyday life, mobile malware evolved from basic proof-of-concept code into sophisticated, financially motivated threats. The Android platform, due to its open ecosystem and global reach, has remained a primary target for mobile cybercriminals.

Notable examples from the 2010s and early 2020s include:

• DroidKungFu and Geinimi, early Android Trojans that granted attackers remote access to infected devices.
• Simplocker, the first widely known Android ransomware, which encrypted users’ files and demanded payment for decryption.

In recent years, mobile threats have grown more advanced, with attackers leveraging spyware, banking Trojans, zero-click exploits, and even AI-driven phishing campaigns. Threat actors increasingly exploit legitimate tools and third-party app stores, blurring the line between malware and grayware.

While Apple’s iOS has historically been more resistant to widespread malware, it is not immune. Targeted attacks have occurred, especially through zero-day vulnerabilities, malicious configuration profiles, and social engineering aimed at iOS users.