Vodafone has shipped a handset in Spain that contained data-stealing malware, according to new revelations from Panda Research.
The security firm said that it found an HTC Magic device running Google's Android platform, and containing a Mariposa botnet client, among other malware.
Pedro Bustamante, senior research advisor at Panda, explained in a blog post how the virus works.
"Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user's credentials and send them to the malware writer," he said.
A Vodafone spokesman said that the company is investigating the incident, which it believes is limited to a single handset. He also speculated on how the malware may have found its way onto the device.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," he said.
The spokesman added that Vodafone takes complaints of this nature very seriously, and that all quality assurance, security and privacy processes are updated to meet any new threats.
Bustamante said that Panda Research is purchasing more handsets to study the extent of the problem, and that the device also carried Conficker and Lineage password-stealing malware.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally