Marco, against every screaming neuron of common sense, did it. The script executed in three seconds. A green banner flashed: His heart sang. No more ramen for dinner. He closed his laptop, triumphant.

Then a terminal window opened by itself on his screen. Green text typed itself out, letter by letter: "Thanks for the invite, Marco. Your nulled license came with a backdoor. I’ve been in your kernel for 18 days. I own your nameservers, your clients’ databases, and the webcam on your laptop. Sit still." Marco’s blood turned to ice. He watched in horror as his control panel began deleting backup partitions. Then it started encrypting his clients’ WordPress databases. A new message appeared: "Every site you host now mines Monero for me. Their visitors see pop-ups for counterfeit Viagra. Your reputation? Already scraped and posted on hacker forums under ‘Worst Security Practices of 2024.’” Desperate, Marco yanked the power cord. The server died. But the damage was done. When he rebooted, the nulled script had modified the bootloader. The server came up not as "server.marcohosting.com" but as "owned.by.void.corp."

For three weeks, everything was perfect. His profit margin soared. He slept like a king.

The email arrived on a Tuesday, its subject line a siren’s song:

Marco, a broke college student running a small hosting reseller business from his dorm room, stared at the screen. His legitimate cPanel license cost $45 a month—a fortune when his only clients were his roommate’s blog and a local pizzeria’s broken menu site. His finger hovered over the mouse.

He tried to click "Fix Permissions." Nothing. He tried to SSH in. Denied.