CyberGhost (now owned by Kape Technologies) actively monitors for cracked versions. While they rarely sue individual users, they do deploy countermeasures:
In late 2023, a popular repack labeled "CyberGhost 12.0 Premium Lifetime" circulated on a major torrent site. Within 72 hours, cybersecurity researchers identified that the repack contained a previously unseen variant of the RedLine Stealer. cyberghost vpn repack
The repack worked perfectly as a VPN for 48 hours. But on the third day, it activated: It scraped all saved passwords from Chrome, Firefox, and Edge; exfiltrated Discord tokens; and stole cryptocurrency wallet files. Over 15,000 users were compromised. The cost of the "free" VPN? An average loss of $1,200 per victim in stolen crypto and identity theft. The repack worked perfectly as a VPN for 48 hours
Many repacks disable Certificate Pinning within the VPN application. This allows the attacker to perform a Man-in-the-Middle (MitM) attack. While you think you are securely connecting to your bank, the repack has installed a rogue root certificate, allowing the hacker to decrypt your "encrypted" traffic. The cost of the "free" VPN