Billions of wireless devices are foreseen to participate in big data aggregation and smart automation in order to interface the cyber and physical worlds. Such large-scale ultra-dense wireless connectivity is vulnerable to malicious software (malware) epidemics. Malware worms can exploit multihop wireless connectivity to stealthily diffuse throughout the wireless network without being noticed by security servers at the core network. Compromised devices can then be used by adversaries to remotely launch cyber attacks that cause large-scale critical physical damage and threaten public safety. This article overviews the types, threats, and propagation models for malware epidemics in large-scale wireless networks (LSWNs). Then the article proposes a novel and cost-efficient countermeasure against malware epidemics in LSWNs, called spatial firewalls. It is shown that equipping a strategically selected small portion (i.e., less than 10 percent) of the devices with state-of-the-art security mechanisms is sufficient to create spatially secured zones that quarantine malware epidemics. Quarantined infected devices are then cured by on-demand localized software patching. To this end, several firewall deployment strategies are discussed and compared.