Comment by techjamie

1 year ago

You might be able to poke at the PKGBUILD on the Wayback Machine and see if the original sources work.

The PKGBUILDs are not archived, but the package page does helpfully list its sources, one of which is https://github.com/danikpapas/zenbrowser-patch.git (same for all three packages). I would assume that's where the malware is, but I couldn't find an archive. Does https://www.gharchive.org/ keep this sort of data?

ETA: According to a Reddit post linked elsewhere in this thread, the payload was a binary file downloaded by a Python script in the repository. It has been uploaded to VirusTotal, but downloading requires a premium subscription according to their docs: https://www.virustotal.com/gui/file/d9f0df8da6d66aaae024bdca...
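The comment above points at the general review problem: a PKGBUILD's `source=()` array is what tells you what actually gets pulled in at build time, and a git source that tracks a branch (no `#commit=` or `#tag=` fragment) or a remote file with a `SKIP` checksum can change after anyone has looked at it. The following Python script is an added example, not code from this thread or from any AUR package; it parses the `source` and checksum arrays of a PKGBUILD and flags entries whose content can drift without the PKGBUILD changing. The sample PKGBUILD it runs on is constructed, with placeholder names, URLs and hash; the `#commit=`/`#tag=` fragment syntax is makepkg's own. It does not expand variables or handle architecture-specific `source_*` arrays.

```python
import re
import shlex

# Constructed sample PKGBUILD fragment for demonstration only; the package
# name, URLs and commit hash are placeholders, not any real package's values.
SAMPLE_PKGBUILD = """\
pkgname=example-browser-bin
pkgver=1.0.0
source=("https://example.invalid/release-${pkgver}.tar.gz"
        "git+https://example.invalid/example-org/example-patch.git"
        "git+https://example.invalid/example-org/pinned-helper.git#commit=0123456789abcdef0123456789abcdef01234567"
        "fetch.py")
sha256sums=('SKIP'
            'SKIP'
            'SKIP'
            'SKIP')
"""

# URL prefixes makepkg treats as version-control sources.
VCS_PREFIXES = ("git+", "git://", "hg+", "svn+", "bzr+")
# Checksum arrays makepkg recognises, strongest first.
SUM_ARRAYS = ("b2sums", "sha512sums", "sha256sums", "sha1sums", "md5sums")


def parse_bash_array(pkgbuild_text, name):
    """Return the entries of a bash array `name=( ... )` as a list of strings.

    Quoting is handled by shlex; variables such as ${pkgver} are left
    unexpanded, which is fine for inspection. Arrays containing a literal
    ')' inside an entry are not handled.
    """
    match = re.search(r"^%s=\((.*?)\)" % re.escape(name), pkgbuild_text, re.S | re.M)
    if not match:
        return []
    return shlex.split(match.group(1))


def classify_source(entry):
    """Classify one source= entry by how freely the fetched content can change."""
    # makepkg allows `filename::url`; drop the rename prefix before inspecting.
    _name, sep, url = entry.partition("::")
    url = url if sep else entry
    if url.startswith(VCS_PREFIXES):
        # A VCS source is pinned only when a fragment fixes the revision.
        if re.search(r"#(commit|tag)=", url):
            return "vcs-pinned"
        return "vcs-unpinned"
    if "://" in url:
        return "remote-file"
    return "local-file"


def audit_pkgbuild(pkgbuild_text):
    """Pair each source with its checksum and flag entries whose content can
    change without the PKGBUILD changing.

    Returns a list of (source, category, checksum, flag) tuples.
    """
    sources = parse_bash_array(pkgbuild_text, "source")
    sums = []
    for array_name in SUM_ARRAYS:
        sums = parse_bash_array(pkgbuild_text, array_name)
        if sums:
            break
    findings = []
    for i, entry in enumerate(sources):
        category = classify_source(entry)
        checksum = sums[i] if i < len(sums) else "MISSING"
        if category == "vcs-unpinned":
            flag = "tracks a mutable ref; content can change after review"
        elif category == "remote-file" and checksum in ("SKIP", "MISSING"):
            flag = "remote file without a checksum; content can change after review"
        else:
            flag = "ok"
        findings.append((entry, category, checksum, flag))
    return findings


def flagged_sources(pkgbuild_text):
    """Just the source entries that need a closer look."""
    return [f[0] for f in audit_pkgbuild(pkgbuild_text) if f[3] != "ok"]


if __name__ == "__main__":
    for source, category, checksum, flag in audit_pkgbuild(SAMPLE_PKGBUILD):
        print(f"{category:13} {checksum[:8]:8} {flag:68} {source}")
```

On the constructed sample this flags the tarball (remote file with a `SKIP` checksum) and the unpinned git repository, and passes the commit-pinned repository and the local file. A pinned VCS source with `SKIP` is normal, since makepkg verifies the revision rather than a file hash; an unpinned one is the case where what was reviewed and what gets built can diverge.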