Suspicious extensions analysis

I’ve been checking some suspicious extensions and I’ve found one (in Chrome store) that uses slightly modified “jQuery v3.2.1” library.
The original:

accepts: {"*": Kb, text: "text/plain", html: "text/html", xml: "application/xml, text/xml", json: "application/json, text/javascript"},

Modified:

accepts: {"*": Kb, text: "text/plain", html: "text/сomponents", xml: "application/xml, text/xml", json: "application/json, text/javascript"},

The difference is, that the modified one accepts “text/сomponents”.
But how can this help the attacker?

UPDATE:
Did you noticed, the “c” in the “text/сomponents” string is not a “c”? :open_mouth:
It’s actually a Unicode: U+0441, a Cyrillic “s”. But I can’t tell how this helps anyone…

1 Like