RSS

Primed for Malware: Stop Selling Compromised Android Devices

leephillips1 pts0 comments

Primed for Malware: Stop Selling Compromised Android Devices | Electronic Frontier Foundation

Skip to main content

AboutContact

Press

People

Opportunities

IssuesFree Speech

Privacy

Creativity and Innovation

Transparency

International

Security

Artifical Intelligence

Our WorkDeeplinks Blog

Press Releases

Events

Legal Cases

Whitepapers

Podcast

Annual Reports

Take ActionAction Center

Volunteer

Follow EFF

ToolsPrivacy Badger

Surveillance Self-Defense

Certbot

Atlas of Surveillance

Cover Your Tracks

Street Level Surveillance

apkeep

Shop

DonateDonate to EFF

Shop

Giving Societies

Sponsorships

Other Ways to Give

Membership FAQ

Email updates on news, actions,

and events in your area.

Join EFF Lists

Copyright (CC BY)

Trademark

Privacy Policy

Thanks

Electronic Frontier Foundation

Donate

If you use technology, this fight is yours.Donate today

EFFecting Change: If You Own It, Why Can't You Fix It? on July 23

Primed for Malware: Stop Selling Compromised Android Devices

DEEPLINKS BLOG

By Alexis Hancock<br>June 25, 2026

Primed for Malware: Stop Selling Compromised Android Devices

Share It

Share on Mastodon<br>Share on Bluesky<br>Share on Facebook<br>Copy link

Time and time again, researchers have found numerous compromised Android devices for sale at large online retailers like Amazon. When these devices get individually reported, we have seen some noted efforts to take them down. But this is a systemic problem and Amazon and other major online retailers must make a corresponding systemic and intentional effort to stop these devices from entering people’s homes and ultimately their networks.

As a refresher: Last year, Google wrote that one major campaign, deemed BADBOX, affected 10 million uncertified devices that were running Android’s open-source software (Android Open Source Project or AOSP). These devices span from TVs and streaming devices to digital picture frames. Even now, someone can go on Amazon and Walmart and buy one of these devices. Not all of them come from Amazon and Walmart, but it’s fair to assume since they have the lion’s share of the market.

Most well-known Android-based devices don’t come with just “stock Android.” The operating system is usually Android plus additional features that the manufacturer wanted. These custom versions of Android often come with pre-installed applications that range from useful to innocuous bloatware to actual malware. Many Android OEMs (original equipment manufacturers) pre-install apps that may not be visibly represented by an icon in your list of installed apps. This obscurity makes the issue particularly hard for users to identify any potential threats.

Since the initial BADBOX analysis, there have been more reports of large campaigns and clusters of different devices participating in malicious activities that utilize people’s home networks to engage in illegal activity. Task forces in the private sector have made an effort to take down these existing Command and Control structures, but these actors may pivot and evolve to flood the market with more devices.

Online retailers can stop this cycle. A multi-billion dollar company like Amazon should offer more resources, like their anti-fraud efforts, given that these products may have facilitated conditions for large scale attacks and illegal activity. It would also be helpful if they communicated malware-related take downs in a more visible way to consumers who are seeking very similar devices with shared characteristics.

Identifying these devices can be tricky, but it’s not impossible because they tend to follow a pattern. For example, the FBI warned consumers this year to avoid TV streaming devices that claim to provide free sports, tv shows, and movies, a common tactic used by the makers of these malware-filled Android devices that leverages people’s exhaustion from spending money on countless streaming services. We detailed what sorts of indicators to look for on a device you’ve purchased.

But it’s not just the storefronts. There are other parts of this ecosystem that need to improve too, like increased engagement in firmware transparency and the actual manufacturers of the devices themselves being held accountable for these malware laced products.

On Prime Day, we urge retailers like Amazon to better empower users with information they need to make safe and smart decisions.

Related Issues

Security Education

Share It

Share on Mastodon<br>Share on Bluesky<br>Share on Facebook<br>Copy link

Related Updates

OPSEC trainings have become a critical aspect of our work over the years, keeping us grounded and in touch with the realities of tech-enabled violence as well as evolving resistance strategies used by movement workers. Hoping other security trainers and organizers copy our homework, here’s a more thorough breakdown.

A phone’s push notifications can contain a significant amount of information about you, your communications, and what you do throughout the day. And there are...

devices android share malware stop amazon

Related Articles

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully

How to Earn a Billion Dollars

kingstoned15 ptsmonth become startup growth years billionaire
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.