Security Advisory: Malicious Chrome Extension

Security Advisory: Malicious Chrome Extension

Tuesday, December 20, 2016

A Chrome Extension, OneClass, is part of an unauthorized application that could affect your Canvas account. If installed,  OneClass may masquerade as you to send email and attempt to collect your login credentials.

The OneClass Extension is not available directly in the Chrome Extensions Store but students at other institutions are being phished with an installation link in direct email messages. During installation, the extension requests permissions to "Read and change all your data on the websites you visit." Although OneClass is not affiliated with Canvas, when users install the browser extension, it displays a button in the browser window encouraging the user to "Invite Your Classmates to OneClass." If clicked, OneClass will use Canvas's Conversations tool ("Inbox") to email all the users in your courses and phish them to install the extension, too, using the following message:

"Hey guys, I just found some really helpful notes for the upcoming exams for University of Minnesota courses at <URL>. I highly recommend signing up for an account now that way your first download is free!"

Please DO NOT install this extension, and if you receive an email like the one above DO NOT click anything in the email, just delete the message. If you have already installed the OneClass extension in Chrome, please uninstall it immediately (for information on how to remove Chrome extensions, see the "Uninstall an extension" section in the document: https://support.google.com/chrome_webstore/answer/2664769).

We will continue to monitor this issue and provide updates to you as new information becomes available.