Vodafone has shipped a handset in Spain that contained data-stealing malware, according to new revelations from Panda Research.
The security firm said that it found an HTC Magic device running Google's Android platform, and containing a Mariposa botnet client, among other malware.
Pedro Bustamante, senior research advisor at Panda, explained in a blog post how the virus works.
"Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user's credentials and send them to the malware writer," he said.
A Vodafone spokesman said that the company is investigating the incident, which it believes is limited to a single handset. He also speculated on how the malware may have found its way onto the device.
"The most likely cause of this infection is that someone will have sent the device back to Vodafone in a box that looked sealed, when in fact it had been tampered with," he said.
The spokesman added that Vodafone takes complaints of this nature very seriously, and that all quality assurance, security and privacy processes are updated to meet any new threats.
Bustamante said that Panda Research is purchasing more handsets to study the extent of the problem, and that the device also carried Conficker and Lineage password-stealing malware.