Vodafone Spain says that up to 4,000 HTC Magic customers could be affected by malware-infected phones one week after it called the problem an “isolated incident.”

The carrier linked the virus to a batch of memory cards that were infected with the Mariposa botnet, which affected 12.7 million personal computers and stole private credit card and banking information before Spanish police arrested the alleged ringleaders of the scam earlier this month.

A spokesman for Vodafone Spain said the company was still investigating how the memory cards got infected. “This is an incident in Spain, not an issue of HTC or Android,” he said.

The operator has identified customers who received the infected phones and is in the process of distributing replacement memory cards for the devices.

Reports of handsets infected with the Mariposa botnet surfaced after employees at two Spanish information technology security companies, Panda Labs and S21Sec, scanned their new HTC Magic handsets and discovered that they had been infected with malware.

In addition to the Mariposa botnet, Panda Labs discovered the Confiker worm and the Lineage password-stealing virus had been loaded onto the HTC Magic’s memory card.

Both the infected devices had been purchased directly from Vodafone, prompting the labs to speculate that the problem lay in the quality-assurance process on the carrier’s refurbished phones.

Vodafone says the HTC Magic is on its way out, although it has not yet given a formal discontinuation date for the device. Although news of its decision came out shortly after reports that the devices were infected with malware, the carrier said the handset was being cut because it was one of its longest-running handsets.