Russian spyware disguised as American found in U.S. Army, CDC apps

Washington: Thousands of smartphone applications available in Apple’s (AAPL.O) and Google’s (GOOGL.O) online stores use computer code developed by Pushwoosh, a technology company that falsely claims to be based in the United States but is actually based in Russia, according to a Reuters report. Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software firm that also performs data processing, According to company documents publicly filed in Russia and reviewed by Reuters. I t has a workforce of about 40 workers and generated $2.4 million revenue in the previous year. Pushwoosh is registered with the Russian government to pay taxes in Russia. On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters report further added. Pushwoosh provides code and data processing support for software developers, enabling them to profile the online behaviour of smartphone app users and send custom push alerts from Pushwoosh servers. According to Pushwoosh’s website, it does not gather sensitive data, and according to Reuters report there is no indication that the company handled customer data improperly. However, Russian authorities have compelled local businesses to provide user data to domestic security agencies. Pushwoosh’s founder, Max Konev, told Reuters in a September email that the company had not tried to mask its Russian origins. “I am proud to be Russian and I would never hide this.” He said the company “has no connection with the Russian government of any kind” and stores its data in the United States and Germany. Huge Database In addition to the Union of European Football Associations (UEFA) and the global consumer goods company Unilever Plc (ULVR.L), Pushwoosh code was also installed in the apps of a wide range of influential non-profits and governmental organisations, including the National Rifle Association (NRA) of the United States and the Labour Party of Great Britain. According to Appfigures, an app intelligence service, approximately 8,000 apps in the Google and Apple app stores use Pushwoosh code. On its website, Pushwoosh claims to have a database with information on more than 2.3 billion devices. SECURITY ISSUES Zach Edwards, a security researcher, first noticed the prevalence of Pushwoosh code while working for Internet Safety Labs, a nonprofit organisation. “The data Pushwoosh collects is similar to data that could be collected by Facebook, Google, or Amazon, but the difference is that all the Pushwoosh data in the U.S. is sent to servers controlled by a company (Pushwoosh) in Russia,” he said. After Reuters raised Pushwoosh’s Russian links with the CDC, the health agency removed the code from its apps because “the company presents a potential security concern,” spokesperson Kristen Nordlund said. FAKE ADDRESS, FAKE PROFILES Pushwoosh never refers to its relations with Russia in its filings with American regulatory bodies or on social media. According to its most recent U.S. corporate documents submitted to Delaware’s secretary of state, the company says its office address is a house in the Maryland suburb of Kensington, even though it identifies “Washington, D.C.” as its location on Twitter. Additionally, on its Facebook and LinkedIn sites, it provides the Maryland address. LinkedIn said it had removed the accounts after being alerted by Reuters. With inputs from Reuters Read all the Latest News , Trending News ,  Cricket News , Bollywood News , India News and Entertainment News here. Follow us on Facebook, Twitter and Instagram.