They were using pack programs that unpacked the crack program over itself to save space. This was what triggered the antivirus. The actual crack was often just there to rewrite the launcher code to skip the copy protection.
That is the eternal problem of automated security stuff, the action may be legitimate or not based on context. And code is notoriously blind to context.