Security software company Panda claims to have identified that brand new HTC Magic phones distributed by Vodafone might be carrying and distributing malware without the user's knowledge. The company has written a blog post claiming that a brand new Spanish handset, plugged into a computer for the first time, triggered an infection alert.

That infection allegedly comprised a Mariposa bot client, run by someone called tnls. The implications are severe - if infected, the handset could log all of your private data - phone calls, text messages, web passwords and browsing data and send it to a third party. The phone would also attempt to spread its infection to any computer it was plugged into.

The Vodafone HTC Magic also supposedly contained the Conficker worm, and a Lineage password stealing app. We've reached out to Vodafone UK and HTC for comment, but neither had got back to us at the time of writing. We'll keep a close eye on the story, and issue updates as we get them.

Update: HTC has got back to us, saying: "HTC operates rigorous quality assurance testing of all products entering the market. We believe this was an isolated incident but are working closely with Vodafone to investigate thoroughly. We have been delighted by the reaction of Vodafone customers to the HTC Magic and look forward to the arrival of the new HTC Legend and HTC Desire, which will be rolling out across EMEA in select markets from April 2010".

Update II: And here's a statement from Vodafone: "The device involved in the incident was purchased by a customer of Vodafone Spain and is currently being investigated. The early indications are that this was an isolated local incident. Vodafone UK has received no reported security problems customers using the HTC Magic, although we continue to monitor the situation closely. We take our customer's security and privacy extremely seriously and will take further action to protect our customers should it be necessary".