Since Xshell stores saved server passwords and SSH keys, malware specifically targets its configuration files. Attackers will have direct access to your production environments within hours.
Most people searching for a “product key” are trying to convert the Free edition into a Commercial one without paying.