{"slug": "primed-for-malware-stop-selling-compromised-android-devices", "title": "Primed for Malware: Stop Selling Compromised Android Devices", "summary": "Researchers have repeatedly found Android devices pre-loaded with malware sold on Amazon and other major online retailers, with one campaign affecting 10 million devices. The Electronic Frontier Foundation calls on Amazon to systematically prevent these compromised devices from entering homes and networks, noting that the problem persists despite individual takedowns.", "body_md": "[Time](https://www.eff.org/deeplinks/2023/05/android-tv-boxes-sold-amazon-come-pre-loaded-malware) and [time](https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware) again, researchers have found numerous compromised Android [devices](https://github.com/DesktopECHO/T95-H616-Malware/tree/main) for sale at large online retailers like Amazon. When these devices get *individually* reported, we have seen some [noted](https://techcrunch.com/2023/11/16/childrens-tablet-has-malware-and-exposes-kids-data-researcher-finds/) efforts to take them down. But this is a systemic problem and Amazon and other major online retailers must make a corresponding systemic and intentional effort to stop these devices from entering people’s homes and ultimately their networks.\n\nAs a refresher: Last year, Google [wrote](https://blog.google/innovation-and-ai/technology/safety-security/google-taking-legal-action-against-the-badbox-20-botnet/) that one major campaign, deemed [BADBOX](https://www.humansecurity.com/company/satori-threat-intelligence/badbox/), affected 10 million uncertified devices that were running Android’s open-source software (Android Open Source Project or AOSP). These devices span from TVs and streaming devices to digital picture frames. [Even now](http://www.wsj.com/video/series/in-depth-features/how-millions-of-digital-home-devices-are-secretly-powering-cyberattacks/F411AC06-C2A2-4F0E-8617-93A1CA95B340), someone can go on Amazon and Walmart and buy one of these devices. Not all of them come from Amazon and Walmart, but it’s fair to assume since they have the [lion’s share of the market](https://www.forbes.com/sites/mariagraciasantillanalinares/2025/06/12/the-worlds-largest-retailers-2025-amazon-tops-list-of-global-retailers-ahead-of-tariff-impact/).\n\nMost well-known Android-based devices don’t come with just “stock Android.” The operating system is usually Android plus additional features that the manufacturer wanted. These custom versions of Android often come with pre-installed applications that range from useful to innocuous bloatware to actual malware. Many Android OEMs (original equipment manufacturers) pre-install apps that may not be visibly represented by an icon in your list of installed apps. This obscurity makes the issue particularly hard for users to identify any potential threats.\n\nSince the initial BADBOX analysis, there have been [more](https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/) [reports](https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/) of large campaigns and clusters of [different devices](https://darknetdiaries.com/episode/172/) participating in malicious activities that utilize people’s home networks to engage in illegal activity. Task forces in the private sector have made [an effort](https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network) to take down these existing [Command and Control](https://ssd.eff.org/glossary/command-and-control-server) structures, but [these actors may pivot and evolve](https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/) to flood the market with more devices.\n\nOnline retailers can stop this cycle. A multi-billion dollar company like Amazon should offer more resources, like [their anti-fraud efforts](https://trustworthyshopping.aboutamazon.com/2025-trustworthy-shopping-experience-report#holding-bad-actors-accountable), given that these products may have facilitated conditions for large scale attacks and illegal activity. It would also be helpful if they communicated malware-related take downs in a more visible way to consumers who are seeking very similar devices with shared characteristics.\n\nIdentifying these devices can be tricky, but it’s not impossible because they tend to follow a pattern. For example, [the FBI warned consumers this year](https://www.fbi.gov/investigate/cyber/alerts/2026/evading-residential-proxy-networks-protecting-your-devices-from-becoming-a-tool-for-criminals) to avoid TV streaming devices that claim to provide free sports, tv shows, and movies, a common tactic used by the makers of these malware-filled Android devices that leverages people’s exhaustion from spending money on countless streaming services. [We detailed what sorts of indicators](https://www.eff.org/deeplinks/2025/06/fbi-warning-iot-devices-how-tell-if-you-are-impacted) to look for on a device you’ve purchased.\n\nBut it’s not just the storefronts. There are other parts of this ecosystem that need to improve too, like increased engagement in [firmware transparency](https://blog.google/security/bringing-binary-transparency-to-the-android-ecosystem/) and the actual manufacturers of the devices themselves being held accountable for these malware laced products.\n\nOn Prime Day, we urge retailers like Amazon to better empower users with information they need to make safe and smart decisions.", "url": "https://wpnews.pro/news/primed-for-malware-stop-selling-compromised-android-devices", "canonical_source": "https://www.eff.org/deeplinks/2026/06/primed-malware-stop-selling-compromised-android-devices", "published_at": "2026-06-25 23:39:34+00:00", "updated_at": "2026-06-26 02:11:32.082586+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy"], "entities": ["Amazon", "Google", "Walmart", "Electronic Frontier Foundation", "FBI", "BADBOX", "Android"], "alternates": {"html": "https://wpnews.pro/news/primed-for-malware-stop-selling-compromised-android-devices", "markdown": "https://wpnews.pro/news/primed-for-malware-stop-selling-compromised-android-devices.md", "text": "https://wpnews.pro/news/primed-for-malware-stop-selling-compromised-android-devices.txt", "jsonld": "https://wpnews.pro/news/primed-for-malware-stop-selling-compromised-android-devices.jsonld"}}