OneClass Behaves Like Malware
December 20, 2016Instructure has issued a security advisory to inform Canvas users about a Chrome browser extension that behaves like malware being distributed via phishing emails. The OneClass Chrome Extension attempts to collect users’ usernames and passwords, attempts to gather course information, and also attempts to email the users’ classmates with additional links to the extension. OneClass is not affiliated with Instructure in any way.
When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in the user’s LMS (Canvas or other) labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations). Each message says:
"Hey guys, I just found some really helpful notes for the upcoming exams for
Do not install this extension! Do not respond to the messages or go to the website included in the messages. Delete these messages immediately!
If you already installed the extension, below are the instructions to remove the extension:
1. Open up your Chrome Browser.
2. Select the 3 vertical dots in the top right-hand corner.
3. Select Settings.
4. Select Extensions in the top left-hand corner.
5. Click the Trashcan beside the “OneClass Easy Invite” extension.
6. Select Remove on the Confirm Removal Popup.
7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)
If you need help removing this extension, please contact the Baylor University Help Desk immediately for assistance uninstalling this Chrome extension via email at firstname.lastname@example.org or via phone at 254-710-HELP.