Russian Code Discovered in U.S Government Agencies & Mobile App Stores

Category: Application Security | Industries: Government, Healthcare, Military | Level: Strategic | Source: Reuters

Pushwoosh, a data processing company, has been posing as a U.S based company located in Washington, D.C, and Maryland, however in actuality it is a Russian-based company headquartered in Novosibirsk, Siberia. The discovery was made by the Reuters news agency. In an exclusive report, the deception has caused great concern as the United States Army and Centers for Disease Control and Prevention (CDC) had leveraged Pushwoosh's services. Both U.S agencies have since removed the code from their applications. Pushwoosh code was used in a U.S Army training application and the code was removed earlier this year. Pushwoosh's infiltration doesn't stop there, as its code is embedded in over 8,000 mobile applications in the Google Play Store and iOS App Store. Pushwoosh's ruse will likely invite sanctions for violating FTC laws. Max Konev the CEO of Pushwoosh attempted to quell concerns stating the company "has no connection with the Russian government of any kind" adding the data collected by the application is only stored in the United States or Germany. Even so, there is concern Pushwoosh could share the data with their native government.

‍