Security News > 2022 > November > Russia-based Pushwoosh tricks US Army and others into running its code – for a while

Russia-based Pushwoosh tricks US Army and others into running its code – for a while
2022-11-15 01:30

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters.

Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.

"NTC reports they did not have any knowledge that Pushwoosh code was part of the app and were not aware of Pushwoosh itself or that it was a Russian-owned company."

In addition to the US government agencies, consumer goods giant Unilever, the Union of European Football Associations, American gun lobby group National Rifle Association, and Britain's Labour Party also installed Pushwoosh code in their apps, Reuters reported.

Apps running Pushwoosh code are available on Google Play and Apple's App Store, and the company claims its code runs on more than 2.3 billion connected devices, according to its website.

The US Army in March pulled an app used by soldiers that contained Pushwoosh code because of security concerns, we're told.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/15/russia_pushwoosh_us_army/