Here's a pic of the popup https://discussions.apple.com/thread/254241562?sortBy=best . To me, it sounds trivial to name your malware app "System Update", and that's probably the best thing to name it. So you can't know who or what is requesting full root access, completely out of the blue, unless maybe it says somewhere deep in Activity Monitor. My habit is to always close it, and if I want to update, go to System Update myself. Then at least I know I probably triggered the popup.