The Silent Threat: Malware-Laden Android Devices Flood Online Retailers
A persistent and systemic issue continues to plague online marketplaces: Android devices, from TV boxes to children's tablets, are being sold pre-loaded with sophisticated malware. Despite individual takedowns, major retailers like Amazon and Walmart are urged to implement comprehensive strategies to prevent these compromised devices from entering consumer homes and networks, potentially facilitating large-scale cyberattacks.
Time and again, cybersecurity researchers have uncovered numerous compromised Android devices for sale on major online retail platforms such as **Amazon** and **Walmart**. While individual reports have led to some devices being removed, this remains a systemic problem demanding a more concerted effort from retailers.
Last year, **Google** highlighted a significant campaign known as **BADBOX**, which infected over 10 million uncertified devices running **Android Open Source Project (AOSP)** software. These devices range from smart TVs and streaming boxes to digital picture frames, many of which are still readily available for purchase today.
Most well-known Android-based devices feature custom versions of the operating system, often including pre-installed applications. While some are useful or innocuous bloatware, many contain actual malware. A critical challenge is that these malicious apps are frequently hidden, lacking visible icons, making them incredibly difficult for users to detect.
Since the initial **BADBOX** analysis, further reports have detailed extensive campaigns and clusters of various devices engaging in malicious activities. These operations leverage unsuspecting users' home networks to conduct illicit actions. While private sector task forces, including **Google Cloud**, have worked to dismantle existing **Command and Control (C2)** structures, threat actors are known to adapt and evolve, potentially flooding the market with even more compromised devices.
Online retailers possess the power to disrupt this cycle. Multibillion-dollar companies like **Amazon** should dedicate more resources, similar to their anti-fraud initiatives, to combating these products that facilitate large-scale attacks and illegal activities. Greater transparency in communicating malware-related product takedowns to consumers would also be beneficial.
Identifying these problematic devices can be challenging but not impossible, as they often exhibit common patterns. The **FBI**, for instance, has warned consumers to avoid TV streaming devices that promise free access to sports, TV shows, and movies, a common lure used by manufacturers of these malware-infected Android devices. Users should also look for specific indicators on newly purchased devices.
Beyond retailers, other parts of the ecosystem require improvement. This includes increased engagement in firmware transparency and greater accountability for the device manufacturers themselves who produce these malware-laced products.
Especially during major shopping events like **Prime Day**, we urge retailers to empower users with the necessary information to make secure and informed purchasing decisions.