[stonogo]

While some cracks definitely shipped malware, and more commonly someone would release a crack and then a distributor would add the malware, the reason those things triggered antivirus was because they were doing their jobs: writing to memory addresses within a separate process space. This is how the cracks worked, but it's also extremely common infection tactics from malware authors.

[Moru]

They were using pack programs that unpacked the crack program over itself to save space. This was what triggered the antivirus. The actual crack was often just there to rewrite the launcher code to skip the copy protection.

[digi_owl]

That is the eternal problem of automated security stuff, the action may be legitimate or not based on context. And code is notoriously blind to context.

[codetrotter]

Yes, this is the correct answer.