Stealing documents and keyloggers are different aspects of security. One can lead to the other but they are generally different threats. If I was going to be worried about anything with this sort of thing then it would be the usual botnet concerns.
A lot of AV programs these days also act as goody two shoes (or at least maybe dodging licensing concerns) and will flag crack programs, and even if not then the way a lot of said cracks are packed and what they do (edit other executables for one) then the heuristics tend to trip.
Anyway I am not aware of any of the major crack sets having been caught doing that, whether some repacker added one onto the crack is a different matter and even without that it is within the realm of possibility.
That said it is probably not that lucrative -- while big companies do routinely get pinged for not having enough licenses it is usually because the byzantine contract conflicted with another byzantine contract*, and courtesy of someone merging a department/buying another company they were not in compliance (for reference then license compliance is a full time position in some companies).
Some years ago there were viruses found on new hard drives. Funnily enough though it was only the big ones that people with big money will buy. Similar idea here as you are likely to only get someone's homework, a few small local companies have not been beaten hard enough to go for one of the online offerings or libreoffice.
*such things will likely never bother you if you are physically installing something with a CD. When you start messing around with virtual machines, thin clients, network authorisation, opting to pay by chair, getting caught out by licenses being for a given number of CPUs, having servers involved and whatnot is when it gets fun.
https://www.microsoft.com/licensing/terms/productoffering/OfficeDesktopApplicationsWindows/all if you are exceptionally bored.
