
[Closed] Safari virus/phishing scheme?

Posts: 17366
Full Member
Topic starter
 

This keeps popping up: https://live.staticflickr.com/65535/49501832942_40d7b0fa6d_o.png

I have not instigated an update and automatic updates are disabled.

So I'm suspicious about the origins of this. I cancel that first dialog repeatedly, then this appears.

https://live.staticflickr.com/65535/49501609621_5413556055_o.png

It has no close box, and the only option is the button. I am not prepared to click that because I don't trust it. This window stays at the forefront of all windows opened.

If I go to Force Quit for Safari, that window persists. Eventually it disappears.

If I ignore it and do nothing, Safari eventually crashes (but no Report to Apple dialog comes up).

Am I right to distrust this?


 
Posted : 07/02/2020 3:15 pm
Posts: 8613
Full Member
 

Yes, it's malware. A quick Google of the phrase "apple wants to make changes type your password to allow this" suggests downloading and running Malwarebytes should deal with it.


 
Posted : 07/02/2020 3:31 pm
Posts: 17366
Full Member
Topic starter
 

@FuzzyWuzzy Thanks

Any idea of what mischief it gets up to?


 
Posted : 07/02/2020 5:59 pm
Posts: 8613
Full Member
 

I didn't look into it much but saw some mentions of it relating to a botnet (so your PC could end up being used in a DDOS attack or worse). But usually these things end up with a fairly generic loader being downloaded (a bad guy purchases the loader software from a malware kit author), the bad guy then customises what the loader does (whether it's adding to the loader's payload to directly install something like a keystroke logger to harvest passwords or it's just set to contact a command & control server - at which point your PC goes to a server on the Internet to download the malware). So you can never really be sure what it's going to do, and the loader itself might not be directly harming your PC, but you want to get rid of it before it contacts a c&c server and does pull down malware/ransomware.


 
Posted : 10/02/2020 8:15 am
Posts: 0
Free Member
 

"suggest downloading and running Malwarebytes"

Just Bootcamp it and install Windows 10. It has built-in anti-malware so you are protected automatically.


 
Posted : 10/02/2020 8:48 am
 kcal
Posts: 5448
Full Member
 

I think my wife installed some semi-malicious browser software, about a year or more ago - ironically to try and mitigate against snooping malware. As above I think it installs a hijack search engine so you don't get the Safari or Google search bar, but directs it through a third party paid-for engine. It all got a bit messy to untangle, and I was wary of installing more anti virus software to clean it up - e.g. MacCleaner.


 
Posted : 10/02/2020 10:44 am
