A report by security company Cybereason estimates that more than 500, 000 machines have been infected by malware from a single decrypted application. Once a user has downloaded and installed decrypted software, malware hidden inside it can steal information from your computer. Much of the smartest malware hides. I'm pretty sure that crack tools are detected as malware or viruses because, by definition, they are.
Its specific purpose is to modify programs and files so that they do not work as designed. They delete the verification files, modify the state of the registry, and do everything they can to prevent their target from working as intended. On torrent sites, you will usually find that the same user has uploaded many different games, applications, and key generators that are the same size. For example, in the image below you can see that a user named 'toneg374' has uploaded many torrents at the same time and they are all the size of 25.33 MB.
It is not uncommon for known harmless crack signatures to be permanently blacklisted by antivirus software, even if those cracks do not infect your devices and do not collect personal information. That's why they will make sure that the crack works as intended on the surface so that you have no reason to try to get rid of it soon after installation. If the anecdotal reports quoted by Avast were any indication, the cracked games played well, only with a little more invisible threat. Often, the person who installed that software and manages it wants to know that decrypted software has been installed on their machine.
I know that part of the crack is a fake file to lock your computer or steal private information, but most of them can make the software run in full version. Even though crack allows you, the user, to use the program for free (i.e. you are achieving your goal with the program and making it work the way you want it), AV doesn't care about that. There is no advantage to including cracks in the white list and a significant disadvantage, which can be seen as facilitating crime or may put them at risk if something they have whitelisted proves to be malicious or harmful.
No one has the time or inclination to reverse engineer every distributed copy of every crack on the market, which is part of the reason they are told that there is %3D %3D piracy malware in the first place. For example, if you're an Xbox Live fan, testing your chances with cracked games could be a terrible idea. When users download these files, they think they are getting the latest game, app or trap for free, but when they install it they will be greeted with an installation screen that disappears quickly. Even if the antivirus takes one, users usually put it on exception and they don't care, based on the assumption that “antiviruses don't like decrypted software, whereas, in fact, decrypted software and free movies contain malware.
What I'm trying to say is that just because a crack seems to work well, you shouldn't sit back and relax. The older the version of software you are using, the greater the risk of malware exploiting vulnerabilities in decrypted software. Antiviruses detect cracks because the crack sows some malware, the decrypted code triggers a false positive, and because antivirus companies apply the fight against piracy, especially in enterprise antivirus software, with heuristic or signature-based detection. Security researcher Benkøw has recently noticed that monetized installers posing as software cracks and key generators now often install Trojans that steal passwords or Remote Access Trojans (RATs) when running.