I downloaded a cracked install from tpb (haxnode). It was a loader exe that loaded the original exe and supposedly removed the drm in RAM. It required admin permissions, I didn't trust it, but i ran in a vm and nothing happened.
Then i told myself "i have microsoft defender and windows firewall control, they will warn me" and I ran it in my main laptop, and still nothing happened. Like, literally nothing happened. The original program would not start. It would simply exit. Nothing. The other 6 almost identical torrents from the same uploader but with a different program version had a similar result. I gave up.
Then i reboot, and firstly i notice a couple DOS prompts flashing on the screen, and windows firewall control asking me if "aspnet_compiler.exe" is allowed to access the internet or not.
Suspicious, i go to check that "aspnet_compiler.exe" and it's located in the .net system folder, i scan it with microsoft defender and it doesn't report as a virus. I do not pay attention to the fact that it doesn't have a valid Microsoft signature, and i tell myself "probably just a windows update" and i whitelist it on the firewall.
After a few hours I realize "wait a minute: it's impossible that an official windows exe isn't signed by microsoft!" I go back to scan it, not infected... or it looks like, defender says "ignored because in whitelist". What? The "loader" put c:* in the whitelist!
The "crack loader" wasn't a virus per se. It dropped an obfuscated batch in startup, which had a base64 encoded attachment of the actual malware, that was copied in the .net framework directory with unassuming names...
And this for a $60 perpetual license program that i should buy anyway because it's for work
Ubuntu had issues with it's snap store as well. I think there will be more security oriented distros in the future like Kodachi, but it's best to be cautious in general these days.
Lest we forget about the Xubuntu malware thing that just happened recently. It only targeted windows users though.