Vodafone has confirmed that the two HTC Magic handsets found to be infected with the Mariposa botnet were not isolated incidents, but part of a problem that has affected thousands of devices.
The company had said that the two cases of infected smartphones were isolated, but promised to look into the incident.
However, following some weeks of consideration and investigation Vodafone has revealed the true extent of the problem.
According to a statement, the firm has discovered that 3,000 HTC handsets have been shipped with the security problem in place.
"Vodafone takes the security and quality of its products and services very seriously," the company said.
"After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and has concluded that the cause is a batch of infected memory cards. This is just a local incident in Spain."
Customers with infected smartphones will be sent a replacement memory card, the firm added, as well as tools and fixes for any already infected handsets.
Vodafone had initially played down the infections, telling V3.co.uk that the first case was the result of individual tampering.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," a spokesman said at the time.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23