Vodafone has confirmed that the two HTC Magic handsets found to be infected with the Mariposa botnet were not isolated incidents, but part of a problem that has affected thousands of devices.
The company had said that the two cases of infected smartphones were isolated, but promised to look into the incident.
However, following some weeks of consideration and investigation Vodafone has revealed the true extent of the problem.
According to a statement, the firm has discovered that 3,000 HTC handsets have been shipped with the security problem in place.
"Vodafone takes the security and quality of its products and services very seriously," the company said.
"After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and has concluded that the cause is a batch of infected memory cards. This is just a local incident in Spain."
Customers with infected smartphones will be sent a replacement memory card, the firm added, as well as tools and fixes for any already infected handsets.
Vodafone had initially played down the infections, telling V3.co.uk that the first case was the result of individual tampering.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," a spokesman said at the time.
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago