eli5 Why do anti viruses flag illicit software as viruses even if there are none?

5 Answers

Anonymous 0 Comments

Depends on the type of illicit software. Things like cracks, aimbots, cheats, and anything else designed to modify the behavior of another program, *do* in fact act like viruses. The antivirus can’t possibly know that you want that behavior, it just sees a program that tries to mess with another program.

Another reason might be the lack of trustworthy digital signatures, which illicit software obviously doesn’t have. That makes the AV usually more “suspicious” of a program in the first place.

And finally, how do you know that there are *really* no viruses in that software? After all, the grey market is the perfect place to distribute malware.

Anonymous 0 Comments

Because anti-virus software has evolved beyond just detecting viruses. They detect all sorts of malicious programs and code and flag them as what they are. So if it’s not a virus, but still bad, it won’t flag it as a virus, it will flag it as whatever it is (e.g. tracking cookie, trojan, spyware, etc.)

Anonymous 0 Comments

Anti Virus scans code to detect viruses.

So when you download that TotallyLegitGame, the software will scan all the codes, and when it sees certain lines designed to “crack” anti-piracy software, which looks suspiciously like the codes that try to “crack” computer security, it gets flagged.

Anonymous 0 Comments

Modern anti viruses and security tools use signature based detectors and TTP based detectors (tactics, techniques, and procedures or the HOW of how attackers breach a system). If a signature (think of a program’s name) matches a bad signature or looks like a signature that follows a “bad code” pattern, it will get flagged. Since a computer doesn’t know that you, in fact, want this file to change something on purpose, it will usually quarantine it or remove it automatically. Better safe than sorry, they say.

Anonymous 0 Comments

Anti-virus programs look for certain code signatures, or check if digital signatures of existing programs have changed since the last run.
If the signature checking pattern is short enough, there may be a chance it matches other code.
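
The point in the last answer about short patterns, as an added example that is not part of any answer above: a toy byte-pattern scanner run with a 2-byte and an 8-byte version of the same signature. The signature bytes, sample files and function names are all constructed for illustration, and the chance estimate assumes uniformly random bytes, which real program code is not.

```python
"""Toy byte-pattern scanner: why short signatures produce false positives."""

# Constructed 8-byte marker standing in for a "known bad" byte sequence.
# It is arbitrary data, not a signature from any real antivirus product.
MARKER = bytes.fromhex("7f3ac01d5be29a44")

# Two signatures for the same threat; only the pattern length differs.
SIGNATURES = {
    "short-2B": MARKER[:2],
    "long-8B": MARKER,
}

# Constructed sample files. The benign one happens to contain the bytes
# 7f 3a by coincidence, but not the full marker.
SAMPLES = {
    "flagged_sample.bin": b"\x00\x11" + MARKER + b"\x22\x33",
    "benign_tool.bin": b"\x10\x7f\x3a\x88\x02\x45\x9c\x00\x61\xd3",
}


def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def expected_chance_hits(pattern_len, file_len):
    """Expected matches of one fixed pattern in uniformly random bytes.

    Each of the (file_len - pattern_len + 1) start positions matches with
    probability 1 / 256**pattern_len.
    """
    positions = max(file_len - pattern_len + 1, 0)
    return positions / 256 ** pattern_len


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: matched {scan(data, SIGNATURES)}")
    for length in (2, 4, 8):
        hits = expected_chance_hits(length, 1_000_000)
        print(f"{length}-byte pattern, 1 MB of random bytes: ~{hits:.3g} chance hits")
```

The 2-byte pattern is expected to hit about 15 times per megabyte of random data by chance alone, which is why usable signatures are much longer or are combined with other conditions.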