Five budget streaming boxes and digital photo frames bought from Amazon and Walmart arrived with factory-installed software that immediately routed third-party internet traffic through the buyers' home connections, a Wall Street Journal investigation found.
Traffic seen through the devices included links to gambling, crypto, adult-content and account-takeover activity, while Comcast tests in a Faraday cage showed some devices also launching DDoS attacks and probing hardware controls.
Because the proxy code was embedded in base firmware, post-purchase updates generally cannot remove it; the software appears to be a built-in "bandwidth monetization" tool that pays manufacturers for each enrolled device.
Federal warnings had already pointed to the threat: the FBI issued alerts in January and March, and researchers estimate about 20 million compromised devices are active in the US.
The report also spotlights a marketplace gap: Amazon and Walmart do not verify software contents of third-party connected devices before sale, leaving consumers to avoid off-brand boxes or isolate them on guest networks.
Are retailers like Amazon and Walmart the weakest link in national security for selling these compromised devices?
With malware now a factory-installed feature, is consumer cybersecurity becoming an unwinnable fight?
As millions of US homes aid foreign espionage, can the nation's critical infrastructure be adequately protected?
WSJ Uncovers 100 Million Devices Infected with Factory-Installed Malware: A Global Cybersecurity Emergency
Overview
A major Wall Street Journal investigation in June 2026 exposed that certain manufacturers, mainly in Asia, have been deliberately embedding sophisticated malware into consumer electronics during production. This factory-installed malware is deeply hidden within device firmware or operating systems, making it extremely hard for users to detect or remove. The report confirmed long-standing suspicions among cybersecurity experts and sent shockwaves through the tech industry. The malware’s origin is difficult to trace, and its presence highlights a serious supply chain security issue, as millions of new devices worldwide may be compromised before reaching consumers.