Vodafone has confirmed that the two HTC Magic handsets found to be infected with the Mariposa botnet were not isolated incidents, but part of a problem that has affected thousands of devices.
The company had said that the two cases of infected smartphones were isolated, but promised to look into the incident.
However, following some weeks of consideration and investigation Vodafone has revealed the true extent of the problem.
According to a statement, the firm has discovered that 3,000 HTC handsets have been shipped with the security problem in place.
"Vodafone takes the security and quality of its products and services very seriously," the company said.
"After becoming aware of a security issue referred by a customer, Vodafone Spain has conducted an intensive investigation and has concluded that the cause is a batch of infected memory cards. This is just a local incident in Spain."
Customers with infected smartphones will be sent a replacement memory card, the firm added, as well as tools and fixes for any already infected handsets.
Vodafone had initially played down the infections, telling V3.co.uk that the first case was the result of individual tampering.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," a spokesman said at the time.
Small Texas cable firm alleges foul play
Facebook will join fores with UK NGOs to tackle hate speech on the social network
A survey of local authorities has found that they face challenges in the areas of data, compliance and mobility.
More than 800,000 home users could be affected