The concern isn’t so much them directly taking your money or info, but rather accepting money to enable someone else to.

Basically, they’ve been bundling ads with their installer for years, but several years back, whatever ad service they used without a care decided to start shipping spyware as well, in addition to the already existent deceptive patterns used in the installer.

You’d expect any good dev to be pissed if something like this got into their software, right? Well, they were pissed… at the users. The stupid, stupid users and cyber security researchers who dared to say this was a problem. They refused to acknowledge the problem, made excuses, removed discussions about it on their forums and tried to act like it wasn’t a big deal even if there was malware because they also offer a download without the malware, provided as a nice, tiny link on a separate page.