Here’s a good search list made by another developer.
- 1] require , Require is in many scripts, not malicious all of the time. Follow the methods posted above to verify it being malicious.
- 2] xen
- 3] luraph
- 4] local a=
- 5] a=
- 6] b=
- 7] brew
- 8] anti.backdoor
- 9] backboor
- 10] synapse
- 11] exploit
- 12] loading
- 13] \114\101\113\117\105\114\101 [Bytecode for require]
- 14] Joint
- 15] loadstring
- 16] string
- 17] math
- 18] getfenv
- 19] getfenv()["\108\111\97\100\115\116\114\105\110\103
Source: A backdoor disguised as a "fast load" place - #9 by BankrollHero