var foo = navigator['hardwareConcurrency'] || 0x4;
This is useful to detect the number of cores available. I already found plenty of samples that are most of the time standalone files.
Another interesting piece of code:
return /mobile|Android|webOS|iPhone|iPad|iPod|IEMobile|Opera Mini/i['test'](navigator['userAgent']);
This is used to not run the waste resources of mobile devices.
$ wdiff -s jquery.js jquery.js.malicious ... jquery.js: 1244 words 1243 100% common 0 0% deleted 1 0% changed jquery.js.malicious: 10457 words 1243 12% common 9212 88% inserted 2 0% changed
Note that the malicious file (SHA256: ec214629efdffce5031b105737a14778a275c7a178bf1330f700ea6254269276) has a very low score on VT: 2/60 and was submitted yesterday from the USA.