Suspicious popup keep turning on and off

I’ve been using qubes os several month passed after latest use. Today, i spot out that the suspicious “update tor browser” popop inside the tor browser keep coming out after i tried to use tor browsing. Last time i figured out the reason is, my centralized qubes os update mechanism has been hacked because of the security vulnerability(xsa-458) and when i finish the sys-whonix update the “update tor browser” popup keep coming out as i start the whonix-workstation-xx-dvm.

I experienced same issue constantly when i did something identifiable(e.g. searching topic on sys-vpn qube and search it on tor). Before the malicious update, i experienced “update tor browser” popup only comes when the attacker figure out who i am.

So, i suppose - is there any risk of compromised operating system possible?

Last time, i can figure out that there are something wrong with my computer, with the disk drive(sys-usb, sys-net, any other qube that transmitting network) usage is very unusual(e.g. 5gb+)

And this time, similar thing happened with some twist - i keep seeing my asrock led controller in sys-usb keep connected and disconnected. Even more suspicous thing is i can find when i entered forum.qubes-os.org and typed my password and so on, i can figure out that the motherboard led popup gone away.

Although i cannot examine whether the popup disappear when i turn off internet, or i couldn’t know whether hacker already wipe out the attack log, i think i need to ask help to find out whether my desktop is compromised.

I turned off notification since my connected email notification is linked to my compromised iphone(yeah, personally i’m feeling i have been watched by several agencies, although i don’t have any kind of abuluty to figure out where), so i would apprecuate your effort to specify which time i need to log on.

Can I ask what leads you to believe this is a malicious pop-up? While it is possible it could be spoofed, this is a normal pop-up for TOR browser to give when an update is available. When I first started using Whonix DVM’s I was running the update process in the wrong template (I was running it in the “*-dvm” template instead of the underlying template without the “-dvm” suffix) so I got the pop-up a lot. It didn’t consistently appear right as I started the browser but it did appear within 10 minutes, so it was while I was in the middle of ding something (like performing an internet search). I had no reason to believe that my computer was compromised or that anybody was targeting me through TOR during the period when this was happening.

The pop-up not appearing when you’re not connected to the internet would be expected if everything is working correctly because it wouldn’t be able to ask the server if there are available updates.

hmm, certainly i cannot directly prove that i am compromised, but there are several reason exist:

  1. i (maybe) already experienced security vulnerability(xsa-458) BEFORE qubes developer post that there are security vulnerability exist. I once frustrated by the irregular behavior of sys-usb : first was the 90%+(around 97 to 100) cpu usage rate, second was the extraordinary disk usage(around 4~5gb, as i aformentioned ). At the time i first acknoledge the fact that something is wrong with my computer, i couldn’t figure out why, but it turns out that my adversaries are willing to use security vulnerability for qubes, since they know i ise it.
  2. This is also kinda hard to prove, but i’m experiencing vast infiltration in electronic hardware. This includes kidnapping my access to youtube or webnovel(kinda pulp fiction) for their purpose of propaganda and threatening. I even expericned chatgpt recommend me a nested virtualization whem i open them that i use qubes os, which entails critical secirity vulnerability using qubes os. You could rationally doubt that i have mental disorders, but i’m already taking very high dosage of risperidone for years(although as my bipolar disorder has been disappeared since my meditation practice and psychodynamic counseling treatment), so regarding the effect of the medication which suppress the hallucination and delusion, i’m very very certain that my ‘suspicion’ is highly probable . I even know which url is dangerous to me, and when i experienced the attack, i always visited that site. I alsp know which person is related to me, but i can’t let you know the exact name since then my personal informationcan be identifiable.

So, assuming that my electronic devices are compromised, and assuming that there are some kind of agency or hacker group exist that has an ability to use qubes-specific vulneravility, and assuming that those groups are the same entity - which is able to detect whether i login into chatgpt, apple device, youtube, and so on - i can reasonably infer that such agencies only probable of doing such things are three digit agency.

OK, I’m not entirely sure what help you’re looking for. I see the original post asks to “specify which time i need to log on”. Based on the conclusions you have drawn I do not believe that time of day would be relevant to the problems you are experiencing, but I might be misinterpreting