
I think to an extent Microsoft is the guilty party here. For many cracks Windows Defender will trip saying "Win32/Keygen" even if there's no actual malware https://www.microsoft.com/en-us/wdsi/threats/malware-encyclo...

This trains people that do a lot of piracy to be used to turning off their antivirus to let something through, which is fine until it's not. It's like drugs, if we know a subset of the population will do them no matter what, we should make it safe for them to the extent we can. False positives, causing people to ignore actual positives, creates a market for these things.




Bundling malware with keygens is a very common practice. It helps because the victim doesn’t suspect anything is wrong when the thing they downloaded appears to work, unlike the sham downloads in the linked article. Gives the attackers more time to exploit the system.

You also need to look at the bigger picture: Keygens are something you very much do not want anywhere in a corporate environment for obvious reasons. Being able to flag them on Windows machines is very valuable.


Then make it a flag for Windows machines on a domain account or otherwise set to be a "business PC". Doing it on consumer systems is still a problem. A false positive flag for malware - or calling any keygen malware - is still a problem. It shouldn't be removing keygens from the system because they're keygens. You shouldn't have to add exceptions for them. If they actually contain malware, great, yes, please flag them. If they're not and it's my personal computer, then if I choose to download some cars, that's none of their business.


some brands put cocaine in soda, let's ban soda altogether


Windows Defender believes that my Rust egui application is a trojan, but magically if I compile it with a different toolchain it's no longer flagged :p

There's something seriously wrong with A/V heuristics.


I’ve had similar issues across multiple programming languages. The latest is a C++ program with almost no dependencies. While I’m making changes and frequently recompiling, Windows Defender will randomly pop up and let me know that it deleted my freshly-compiled binary. The change will often be something simple, and simply making any change and compiling again will randomly not get flagged.

It’s extremely annoying. It’s my code, stop deleting it. It’s not malware.


Given Rust's supply chain worries, maybe it really is, don't count it out too quickly.



