Vodafone has shipped a handset in Spain that contained data-stealing malware, according to new revelations from Panda Research.
The security firm said that it found an HTC Magic device running Google's Android platform, and containing a Mariposa botnet client, among other malware.
Pedro Bustamante, senior research advisor at Panda, explained in a blog post how the virus works.
"Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user's credentials and send them to the malware writer," he said.
A Vodafone spokesman said that the company is investigating the incident, which it believes is limited to a single handset. He also speculated on how the malware may have found its way onto the device.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," he said.
The spokesman added that Vodafone takes complaints of this nature very seriously, and that all quality assurance, security and privacy processes are updated to meet any new threats.
Bustamante said that Panda Research is purchasing more handsets to study the extent of the problem, and that the device also carried Conficker and Lineage password-stealing malware.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago