"Pirates used Apple's enterprise developer certificates to put out hacked versions of some major apps... The altered versions of Spotify, Angry Birds, Pokemon Go and Minecraft make paid features available for free and remove in-app ads... The pirates appear to have figured out how to use digital certs to get around Apple's carefully policed App Store by saying the apps will be used only by their employees, when they're actually being distributed to everyone."
So, bad actors abuse technology intended for a company's employees to distribute apps directly to consumers. Software pirates, indeed.
To avoid paying for hacked apps, consumers need to shop wisely from trusted sites. A fix is underway. According to CNet:
"Apple will reportedly take steps to fight back by requiring all app makers to use its two-factor authentication protocol from the end of February, so logging into an Apple ID will require a password and code sent to a trusted Apple device."
Let's hope that fix is sufficient.