UPDATED: Following Clonegate and bot farms, 3 alleged Chinese iTunes scamming games arrive onto US top grossing charts

Users claim accounts hacked, in-app purchases made

UPDATED: Following Clonegate and bot farms, 3 alleged Chinese iTunes scamming games arrive onto US top grossing charts
//UPDATED: We've since been in contact with one of the companies involved, which tells us it's been reporting such frauds to Apple since October 2011, with no avail. More to follow.

With the App Store in the grip of what has quickly become a number of scandals - Clonegate, bot farms and claims apps can steal users' address books - ;there couldn't have been a worse time for a previous offender to make a reappearance.

Back in December, reported on alleged App Store scammer Chinese studio Hoolai Games, which managed to storm the UK's top grossing charts with a freemium release delivered entirely in Chinese.

The game's user reviews were full of claims of fraud, with some suggesting they'd never downloaded the app, or paid for any of the title's in-app purchases (IAPs) - the most expensive of which came in at a weighty $99.99.

Now, the same app has made the trip across the Atlantic to the US, making an equally unannounced appearance at #3 in the App Store's top grossing chart.

Repeat offender

As before, the game is coupled by a whole host of negative reviews - many claiming they never download the app or approved any IAPs.

"Several in-app purchases posted, but not requested," reads one. "Scam, thieves. Shut them down."

"This thing made several in app purchases for me which I haven't started to create an account for," reads another.

Apple never commented when the game original sneaked into the UK's top grossing chart - climbing at high as #3 in the end - though it was claimed keystroke loggers preying on users with jailbroken devices were to blame.

Others suggested a batch of user login details had been stolen, with downloads and purchases made via the desktop version of iTunes and delivered to handsets without permission via iCloud.

Misery loves company

The prospect of mass user account theft will be weighing heavy on the minds of those at Apple right now.

Wang Tilan of alleged bot farm site TopDealApps has recently claimed to have amassed the login details of over 200,000 iTunes accounts in the US - albeit through legitimate means - raising inevitable questions regarding the state of App Store security.

Hoolai Games isn't the only Chinese developer currently gracing the higher echelons of the top grossing chart in the US, however.

Another game, also delivered entirely in Chinese by Shanghai MUHE, peaked at #11, again with user reviews accusing the app of hacking their details and making purchases without their permission.

And to cap the situation off, Happy City from ZheJiangYiJin is also currently sitting at #59, with claims of account hacking and "fraudulent charges" populating the game's reviews section.

As before, it remains to be seen whether any action will be taken against the firms involved - if, indeed, they're guilty of fraudulent activity at all.

But as we've already seen with 'clone games' removed from the App Store such as Temple Jump and Pixel Story, and alleged bot farmed games - removed and since replaced - the lack of any public guidance from Apple about what's happening is part of the problem.

With a fine eye for detail, Keith Andrew is fuelled by strong coffee, Kylie Minogue and the shapely curve of a san serif font.


View options
  • Order by latest to oldest
  • Order by oldest to latest
  • Show all replies
If u use the same pw on more than one sit, that's probably the source. That or a phishing site.
I too have had my Apple itunes account drained by the MuHE Network over two days! I have lost all of the money out of my account and have complained to iTunes. I have a superb password and feel compromised and very angry that this has happened to me. I am in the UK by the way.
This happened to me today. Haven't used my iPad in a day or so and then got an email that a purchase was made on unauthorized computer and when I logged on to my iTunes account on my pc that app that was download that morning on a divide tht wasn't mine wipped my account of 75 bucks. I too have a complex password. I don't know how they did it but apple better correct this.
jon jordan
thanks for your comment, seems like it's a wider issue than first expected
I can confirm the hacking activity on the MuHe Network . My iTunes account was hacked. The application was downloaded by a remote computer using my iTunes account and received an email from Apple indicating the activity had occured. As far as my iTunes account, I can ensure you I have a strong password as it was a pass phrase not something simple. And none of my devices are jailbroken... either a 'legitamite' looking app is key logging and sending out information or Apple has had account information compromised. So there is something rotten going on with Apple at the moment...
I just got hit with a download of Shanghai MUHE app that I did not purchase. None of my IOS devices are jailbroken so if someone is keylogging from applications they are potential legitimate applications data mining ids from IOS devices.