If you use Firefox — and this is a better option than the kludgy Microsoft Edge or hoggish Google Chrome browsers — you may have encountered this malware. It spreads through ads used by third-party services such as one finds on major conservative sites like Drudge Report and Breitbart, and has shown up on both of them.
As a Firefox user noted:
From what I have gathered about bogus FF patch notices, they are associated with third-party-ad-supported web sites. Which, of course, means just about every website not affiliated with a brand or proprietary interest. The third-party links are usually benign, but often (and regularly) harbor malicious code.
Which means this is yet another advertising revenue business model problem. Since the advertising content is controlled by third-parties, visitors are at the mercy of whatever code advertisers allow / inject into browser traffic.
Likewise, websites dependent on third-party ad revenue are not the most rigorous at monitoring the ads, and do not want to annoy their advertisers. They even may protest “We did not know– we rely on people to alert us to problems, and then we take care of them.” But then, that is only what they claim.
Today, the main issue that should concern millions of FF and TB users is they have been de-sensitized by years of frequent updates– ironically, for actual security enhancements. As a result, many users no longer even question bogus notices which have familiar Mozilla graphics.
Firefox will notify you via a system window that appears outside of the browser window when an update is available. Any other method of “update” is a bad idea.