Seems like the repo containing the malicious "patches" already got taken down by GitHub.
I managed to clone to git repo out of interest before it got deleted and it very much looks like this was written using an LLM. Contains a bunch of comments like "replace this with your actual URL" and so on. > fk29g [1] filed a deletion request for zen-browser-patched-bin [2]: > > Possibly malware or at the very least highly suspicious packaging. > Downloads binary files off random websites and separate git repos. > > Lots of votes in under 24 hours as well. > > [1] https://aur.archlinux.org/account/fk29g/ > [2] https://aur.archlinux.org/pkgbase/zen-browser-patched-bin/
