Dec. 12, 2016 – Blackboard is reporting a malicious OneClass Chrome extension that can send e-mail on a user’s behalf and also tries to collect user credentials. Wentworth’s Blackboard system is affected by this extension.

Blackboard has provided the following information (Caution, DO NOT VISIT either of the links below):

The OneClass Chrome Extension is not available directly via search in the Chrome Extensions Store and students are being phished with the following link to install it:

https://chrome.google.com/webstore/detail/oneclass-easy-invite/aamdmgbfnjpdfkjjbobpkhnhpcmolpja

During installation, the extension requests permissions to “Read and change all your data on the websites you visit”.  However, students may not closely read or fully understand the requested permissions before accepting them.  The extension adds a button inside the Learn pages to “Invite Your Classmates to OneClass”.

The plugin will email all the students in a students’ class (utilizing Learn URLs and resources, which are functioning as designed) to promote the OneClass plugin/product.  The plugin also has code that attempts to collect and send the users’ credentials (both username and password).  We are in the process of determining if the code is successful in doing so.

The mail content is:

“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at https://oneclass.com/s/signup.  I highly recommend signing up for an account now that way your first download is free!”

IF you receive an e-mail that follows this pattern, DO NOT download and install the extension. Blackboard is working on a mechanism to mitigate this vulnerability. Wentworth will install any related patches/updates as soon as feasible.