Illegal software downloads are often full of dangerous malware, and a recent report by security firm Cybereason estimates that more than 500,000 machines have been infected by malware from a single decrypted application. Once a user has downloaded and installed decrypted software, malware hidden inside it can steal information from their computer and even download more malware, making the problem much worse. Crack tools are typically detected as malware or viruses because they are designed to modify programs and files so that they do not work as intended. This includes deleting verification files, modifying the state of the registry, and doing whatever else is necessary to prevent the target from working as intended.
The recent Handbrake incident is an example of how source code can be leaked to malicious parties, who can then create decrypted versions of the stolen software with malware embedded in them. Windows Defender and other antiviruses such as Malwarebytes will manually mark files associated with cracks, and antivirus companies often apply heuristic or signature-based detection to fight piracy, especially in enterprise antivirus software. Cracks that are also Trojans are particularly dangerous because the hackers who created the malware will want it to enter your device without being seen. When users need a new piece of software for their PC, they may look for free options or pay for potentially expensive software.
However, even if an antivirus detects one, users usually put it on exception and don't care, based on the assumption that antiviruses don't like decrypted software - when in fact, decrypted software and free movies often contain malware. It is important to make sure you have installed a good antivirus to track any malware or viruses that the crack may have attached. It is impossible to reverse engineer every distributed copy of every crack on the market, which is why they are often assumed to contain piracy malware. Two of the most common approaches to implementing cracks are highly suspicious actions which could cause AV software to think that crack is a virus. Other than that, decrypted software may infect your device or make it more vulnerable to future infections.
Even though crack allows you to use the program for free (i.e., you are achieving your goal with the program and making it work the way you want it), AV doesn't care about that. There is no advantage to including cracks in the white list and a significant disadvantage, which can be seen as facilitating crime or putting them at risk if something they have whitelisted proves to be malicious or harmful. Attackers will often distribute adware packages by uploading them to torrent sites, creating fake YouTube videos with links to supposed license key generators, or creating sites designed to promote adware packages disguised as software cracks. For example, if you're an Xbox Live fan, testing your chances with cracked games could be a terrible idea - which is why attackers will make sure that the crack works as intended on the surface so that you have no reason to try to get rid of it soon after installation.