Media reports say TomTom has admitted that a batch of the devices have been shipped with the offending malware, although the company does not mention the issue on its website.
Sophos says the Linux-based devices cannot run the Trojan threat within their own systems, but if the device is connected to a Windows PC users face their machines becoming infected.
Last year, Apple Computer admitted that an unspecified number of its new iPod video players were shipped with malware, and McDonald’s in Japan was forced to recall thousands of MP3 players it had given away to customers after discovering they too were infected.
"There are a number of postings on the internet from TomTom purchasers asking for advice about the viruses, going back as far as September 2006," said Graham Cluley, senior technology consultant for Sophos.
"But they are the lucky ones who were running an anti-virus product and caught the infection before it could cause too much harm.
“What's more worrying is that there may be many innocent consumers out there who are unaware they have passed an infection onto their Windows PC," said Cluley.
Comment on this article: firstname.lastname@example.org