[help] How are these payed anti cheats detecting lua injection?

Most cheats trigger an event whenever it’s being enaled which you can then listen for, see How To Create an Anti-Cheat - List of Vulnerable and Abused Events (Updated January 2020)