Visible to everyone since 13 Oct 2023
Data-poisoning-based backdoor attacks aim to inject a backdoor into a model by manipulating the training dataset, without controlling the training process of the target model. Existing backdoor attacks mainly focus on designing diverse triggers or fusion strategies to generate poisoned samples. However, all these attacks randomly select the samples to be poisoned from the benign dataset, disregarding the varying importance of different samples. To select important samples to poison from a global perspective, we first introduce a learnable poisoning mask into the regular backdoor training loss. We then propose a Learnable Poisoning sample Selection (LPS) strategy that learns the mask through a min-max optimization. In this two-player game, since hard samples contribute more to the training process, the inner optimization maximizes the loss w.r.t. the mask to identify hard poisoned samples by impeding the training objective, while the outer optimization minimizes the loss w.r.t. the model's weights to train the surrogate model. After several rounds of adversarial training, we finally select the poisoned samples with high contribution. Extensive experiments on benchmark datasets demonstrate the effectiveness and efficiency of our LPS strategy in boosting the performance of various data-poisoning-based backdoor attacks.