Vodafone has confirmed that the two HTC Magic handsets found to be infected with the Mariposa botnet were not isolated incidents, but part of a problem that has affected thousands of devices.
The company had said that the two cases of infected smartphones were isolated, but promised to look into the incident.
However, following some weeks of consideration and investigation Vodafone has revealed the true extent of the problem.
According to a statement, the firm has discovered that 3,000 HTC handsets have been shipped with the security problem in place.
"Vodafone takes the security and quality of its products and services very seriously," the company said.
"After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and has concluded that the cause is a batch of infected memory cards. This is just a local incident in Spain."
Customers with infected smartphones will be sent a replacement memory card, the firm added, as well as tools and fixes for any already infected handsets.
Vodafone had initially played down the infections, telling V3.co.uk that the first case was the result of individual tampering.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," a spokesman said at the time.
HomePod delay means Apple will miss Christmas sales
Reports of Toshiba PC sale plans come after it sold its TV manufacturing unit to Hisense
IoT Accelerator programme intended to stimulate tech investment in Wales
Vote follows claims of Russian interference, even though Clinton out-spent Trump 2-to-1