For users of the Google Chrome Web browser, there is currently a malicious Chrome Extension that is being used as part of a phishing attempt. If the extension is installed it may attempt to send an additional phishing email on a student’s behalf while also attempting to collect user credentials.
The malicious Chrome Extension is not currently available directly via search in the Chrome Extensions Store. Rather, students are being phished directly with a link similar to the following to install it:
During installation, the extension requests permissions to “Read and change all your data on the websites you visit”. This malware installation process focuses on users’ tendency to accept terms without reading. The extension will then add an apparent button inside of Blackboard Learn pages, seen only to the infected user, to “Invite Your Classmates to …Class”.
The plugin will then attempt to email all of the students in the infected user’s class (utilizing Blackboard URLs and resources, which are functioning as designed) to promote the plugin/product. The plugin also has code that attempts to collect and send the sender’s user credentials (both username and password) to a third-party. Blackboard Corporation is in the process of determining if the code could be successful in doing so.
The content of the email currently being generated by this malicious Chrome extension is similar to:
“Hey guys, I just found some really helpful notes for the upcoming exams for … courses at https://…class.com/s/signup. I highly recommend signing up for an account now that way your first download is free!”
Please DO NOT install this extension. If you receive an email similar to the above please inform the ITS Help Desk and then delete the email.
If you have any questions or require further information, please contact the ITS Helpdesk ITSHelpdesk@niagaracollege.ca or call 905-735-2211 x7642.