Defenders argue this is a "false positive" because the tool does hack the system. But attackers rely on this ambiguity: users ignore warnings, thinking it is just the crack being detected, while in reality the AV is correctly identifying malicious behavior.