It probably shouldn’t come as a surprise to anyone but recently hackers have started increasing the amount of pirated themes that are being released with malicious iframe and javascript code inside the themes. This malicious code will usually connect to some far off server which is usually located in Russia or China where your visitors will receive fake virus scan alerts that can’t be closed until they are forced to purchase antivirus “software” which probably carries even more malware.
A quick look through a popular “warez” forum, warez-bb.org shows that out of 20 random themes tested, 7 of them had some sort of malicious or encrypted code inside of the theme. But what can you expect from thieves? If you really want a theme then the best thing to do is to go out and buy it, if you value your website, your visitors, and your reputation the money shouldn’t even be an issue.