A recent report by security company Cybereason has revealed that more than 500,000 machines have been infected by malware from a single cracked application. Once a user has downloaded and installed this type of software, malicious code hidden inside it can steal information from their computer. Many of the most sophisticated forms of malware are designed to remain undetected.
Crack tools are often detected as malware or viruses, as they are specifically designed to modify programs and files so that they do not work as intended.
This includes deleting verification files, modifying the state of the registry, and doing whatever else is necessary to prevent the target from functioning properly. On torrent sites, it is common to find users who have uploaded multiple games, applications, and key generators that are all the same size. For example, a user named 'toneg374' has uploaded many torrents at once, and they are all 25.33 MB in size. It is not uncommon for known harmless crack signatures to be permanently blacklisted by antivirus software, even if those cracks do not infect devices or collect personal information.
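The same-size pattern described above can be checked mechanically. The following is an added example, not code from the original article: the listing rows, the thresholds and the function name `flag_same_size_uploads` are assumptions made for illustration, and only the uploader name and the 25.33 MB size come from the text.

```python
from collections import defaultdict

# Constructed sample listing: (uploader, title, category, size in bytes).
# 'toneg374' and 25.33 MB are from the article; every other row is invented.
SIZE_25_33_MB = 26_560_430  # about 25.33 MiB
LISTING = [
    ("toneg374", "Racing Game 2 Full", "games", SIZE_25_33_MB),
    ("toneg374", "Photo Editor Pro", "applications", SIZE_25_33_MB),
    ("toneg374", "Office Suite Keygen", "keygens", SIZE_25_33_MB),
    ("toneg374", "Shooter Game Repack", "games", SIZE_25_33_MB),
    ("uploader_b", "Racing Game 2", "games", 41_250_113_536),
    ("uploader_b", "Photo Editor", "applications", 912_330_752),
    ("uploader_b", "Disk Utility", "applications", 58_720_256),
    # Same size within one category (e.g. fixed-bitrate episodes) is normal.
    ("uploader_c", "Series S01E01", "video", 734_003_200),
    ("uploader_c", "Series S01E02", "video", 734_003_200),
    ("uploader_c", "Series S01E03", "video", 734_003_200),
]

def flag_same_size_uploads(listing, min_titles=3, min_share=0.8):
    """Return {uploader: (size, titles)} for uploaders whose distinct titles,
    spread over more than one category, almost all share one byte size."""
    by_uploader = defaultdict(lambda: defaultdict(set))
    for uploader, title, category, size in listing:
        by_uploader[uploader][size].add((title, category))

    flagged = {}
    for uploader, sizes in by_uploader.items():
        total = sum(len(items) for items in sizes.values())
        size, items = max(sizes.items(), key=lambda kv: len(kv[1]))
        categories = {category for _, category in items}
        # Unrelated products should not have identical sizes; one payload
        # re-labelled under many names does.
        if (len(items) >= min_titles
                and len(items) / total >= min_share
                and len(categories) > 1):
            flagged[uploader] = (size, sorted(title for title, _ in items))
    return flagged

if __name__ == "__main__":
    for uploader, (size, titles) in flag_same_size_uploads(LISTING).items():
        print(f"{uploader}: {len(titles)} titles, all {size / 2**20:.2f} MiB")
```

The category check keeps legitimate same-size uploads, such as episodes of one series, from being flagged.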
This is why crackers will make sure that the crack works as intended on the surface so that users have no reason to try to get rid of it soon after installation. If the anecdotal reports quoted by Avast are anything to go by, cracked games may run well but with an invisible threat lurking beneath the surface. Often, the person who installed the software and manages it will want to know if cracked software has been installed on their machine. I know that part of the crack is a fake file designed to lock your computer or steal private information, but most of them can make the software run in its full version. Even though a crack allows users to use the program for free (i.e., they achieve their goal with the program and make it work as desired), antivirus software does not take this into account.
There is no advantage to including cracks in the whitelist and a significant disadvantage, as it could be seen as facilitating crime or putting them at risk if something they have whitelisted turns out to be malicious or harmful. No one has the time or inclination to reverse engineer every distributed copy of every crack on the market, which is part of the reason why people are warned about potential piracy malware in the first place. For example, if you're an Xbox Live fan, testing your luck with cracked games could be a terrible idea. When users download these files, they think they are getting the latest game, app or trap for free, but when they install it they are greeted with an installation screen that disappears quickly. Even if antivirus software detects it, users usually add an exception and don't care, based on the assumption that “antiviruses don't like cracked software” - when in fact cracked software and free movies often contain malware. What I'm trying to say is that just because a crack seems to work well doesn't mean you should sit back and relax.
The older the version of software you are using, the greater the risk of malware exploiting vulnerabilities in cracked software. Antivirus programs detect cracks because they contain some form of malware, because cracked code triggers a false positive, and because antivirus companies actively fight against piracy - especially in enterprise antivirus software - using heuristic or signature-based detection. Security researcher Benkøw recently noticed that monetized installers posing as software cracks and key generators now often install password-stealing Trojans or Remote Access Trojans (RATs) when run.