Originally from the Joomla Vulnerability Extensions List website in regards to templates that have been hacked and distributed for free.
This isn’t coming from template developers and template clubs but from warez sites or free template download sites. These people have downloaded the templates from the main websites where they were created and then inserted malicious code into the templates.
Unsuspecting Joomla users are downloading these illegally sourced and reproduced versions of the templates and installing them onto their websites not knowing that there is a huge amount of malicious code in the templates itself.
This creates all sorts of security and privacy issues. Who knows exactly what information is being collected and what the malicious code is doing in the templates. Usually the malicious code is used to infiltrate the server settings, usernames and passwords to send out mass spam and phishing emails to generate money or scam unsuspecting people.
Some of the users that have downloaded the templates are also completely unaware that they have such a template installed on their website until it is too late.
I’ve heard some people going to the providers support forums to ask for support for their illegally downloaded template.
This practise also goes for any extension that you may install on your Joomla website, make sure you get the extension from the source website, downloaded legally from the original developer and provider.
Hopefully this advice will help you avoid situations like this, and also helps support the developers as well for the templates and extensions.