Vodafone has confirmed that the two HTC Magic handsets found to be infected with the Mariposa botnet were not isolated incidents, but part of a problem that has affected thousands of devices.
The company had said that the two cases of infected smartphones were isolated, but promised to look into the incident.
However, following some weeks of consideration and investigation Vodafone has revealed the true extent of the problem.
According to a statement, the firm has discovered that 3,000 HTC handsets have been shipped with the security problem in place.
"Vodafone takes the security and quality of its products and services very seriously," the company said.
"After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and has concluded that the cause is a batch of infected memory cards. This is just a local incident in Spain."
Customers with infected smartphones will be sent a replacement memory card, the firm added, as well as tools and fixes for any already infected handsets.
Vodafone had initially played down the infections, telling V3.co.uk that the first case was the result of individual tampering.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," a spokesman said at the time.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws