Skip to content

Canvas Information and Resources

Security Advisory: Malicious “OneClass” Chrome plugin extension

A malicious “OneClass” Chrome Extension is part of a current phishing scam which, if installed, attempts to collect your user credentials and send email on your behalf to all others enrolled in your courses.

Do NOT install the extension and do NOT click on anything in the email
– Just delete it!

The “OneClass” Chrome extension behaves like malware, and is not affiliated with Canvas in any way.

During installation, the extension requests permissions to "Read and change all your data on the websites you visit," and adds a button inside Canvas to "Invite Your Classmates to OneClass." Clicking the button sends a promotion message to others:

“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at <URL removed by Information Security>.  I highly recommend signing up for an account now that way your first download is free!”

If you already installed the extension, remove it:

  1. Open up your Chrome Browser
  2. Select the 3 vertical dots in the top right-hand corner
  3. Select Settings
  4. Select Extensions in the top left-hand corner
  5. Click the Trashcan beside the “OneClass Easy Invite” extension
  6. Select Remove on the Confirm Removal Popup
  7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)

Once you have removed this extension, please change your CSU eID login password immediately.

Questions? Email us:

CSU Canvas Support Team