A malicious “OneClass” Chrome Extension is part of a current phishing scam which, if installed, attempts to collect your user credentials and send email on your behalf to all others enrolled in your courses.
The “OneClass” Chrome extension behaves like malware, and is not affiliated with Canvas in any way.
During installation, the extension requests permissions to "Read and change all your data on the websites you visit," and adds a button inside Canvas to "Invite Your Classmates to OneClass." Clicking the button sends a promotion message to others:
“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at <URL removed by Information Security>. I highly recommend signing up for an account now that way your first download is free!”
Questions? Email us: firstname.lastname@example.org
CSU Canvas Support Team