I understand that sharing video, photos, documents etc. is relatively safe because the data is not executed in the processor as instructions. How come people are willing to download and install pirated software though? How can one be confident that it does not contain malicious addons? Are people just don’t know the risks? Or are there protection mechanisms that I am missing? I mean since the software is usually cracked there is not much use in comparing checksums with the originals, is it?
You can always run software in a Virtual Machine to see if it’s the real deal or not. Additionally, people really like to be “the first” or “the one” who actually provides something. See for example the first cracked Version of Read Dead Redemption 2 - it was announced like a special record (and it was!). Being the first to provide an actual, working copy brings fame, that’s why people go to such lengths to crack and provide software. And the people who download it? Well, they can often rely on those with virtual machines testing the software and then on reviews and ratings available on the download sites.
Virtual machine testing is a good idea, but I wouldn’t rely on it. Well written malware will check for a virtual environment and might even hold off executing if it detects it. Better malware will have already gained persistence as your testing for it.
If possible just use it in the vm only