Comment on What if you tried to run Windows malware on Linux?
sylver_dragon@lemmy.world 1 day ago
Given WINE’s focus on gaming, the execution of the malware could run into issues with system calls which the malware relies on not being fully implemented or acting in unexpected ways. That said, if the execution works, the malware may run to completion and have some impact, depending on what the malware was designed to do.
- Infostealers - On a Windows system, this class of malware pulls credentials from browsers (never, ever save your passwords in a browser. Use a password vault, e.g. KeePass, BitWarden). In the ones I have analyzed, they pull the passwords from the browser storage files directly and rely on known file paths. I think this would ultimately fail, as the files in those known paths won’t actually be your browser profile. Under the same logic, stealing cookies won’t work out either. They are just files in a known location, which won’t actually be the right location when running under WINE. Similarly, stealing credentials from Windows Credential Manager will fail, as that won’t have anything useful there. There is other stuff they can go after, but I think you get the point. The stuff it tries to steal won’t actually be in the locations it’s expected to be in. So, I’d think this class of malware would ultimately fail. Of course, attackers could always rewrite the malware to detect the WINE environment and then have it pivot to the right locations for all this stuff. So, all of this analysis could become wrong.
- Ransomware - On a Windows system, this class of malware will search through the filesystem and encrypt files with specific extensions (.docx, .pdf, .png, and so on). Given that the Linux filesystem is reachable from the WINE environment, I kind of think this has a chance of working. One interesting question would be if the encryption routines in the malware would actually work. Again, I think they would. The malware is likely to leverage cryptographic libraries built into Windows, and I’d think that WINE would mostly handle those due to DRM/Anti-Cheat in games. It would just be down to how gracefully the malware deals with Unix file paths. My guess would be that the WINE translation layer would make it work. That just leaves the communications back to the attacker’s server for delivery of the keys. I’d guess this would work, as WINE is set up to allow communications out to the internet.
- Remote Access Tool (RAT) - I’d guess that some of these would work though they may act funny for the attacker. As with ransomware, the communications back to the attacker’s server should work. This isn’t going to be terribly different from communicating with a game server. There might be some issues around the local agent working correctly though. The attacker may be relying on cmd.exe or powershell to run their commands. So, that might run into issues. At the same time, the malware could implement any commands directly via system and API calls. I’d think most of those would work. So, the attacker may have enough capability to fully compromise the Linux system, if they are willing to put the time into it.
That’s just three possible classes of malware, though it’s most of what I run into professionally (I work in Incident Response). Overall, I’d recommend not relying on Linux to keep you safe from malware bundled into pirated games. While I don’t expect that the infostealer parts of the malware would work correctly (for now), a lot of malware does more than one thing. The attacker may not get your credentials with the initial infection, but you could be opening yourself up to other malware. And, if the attacker includes a RAT, he could come back later and ruin your day.
So ya, be very, very careful about running stuff which you don’t know is safe.
artiman@piefed.social 1 day ago
You confused Wine with Proton.
bjoern_tantau@swg-empire.de 1 day ago
Proton is Wine.
Plus some other stuff like DXVK (which is available in vanilla Wine as well). But the heavy lifting is done by Wine.
artiman@piefed.social 1 day ago
I meant the intro: you said Wine is gaming-focused. That's not true; Proton, which is a Wine fork, focuses on the gaming part. They are not the same: Wine is for general apps and Proton is gaming-focused.