Report: Malicious Chrome extension masquerades as a trading tool to steal users' MEXC API keys

PANews reported on January 14 that, according to a report by the Socket Threat Research Team, a malicious Chrome extension called "MEXC API Automator" has been available on the Chrome Web Store since September 1, 2025. This extension can steal newly created API keys from the cryptocurrency exchange MEXC and send them to a Telegram bot controlled by attackers.

This extension uses transaction automation as bait, automatically generating a MEXC API key with withdrawal permissions without the user's knowledge, hiding this permission from the interface, and then leaking the key and its encrypted data. Attackers can then gain complete control of the victim's MEXC account, executing transactions, initiating automatic withdrawals, and transferring assets within the account. As of the time of this report's publication, the extension is still available for download in the Chrome Web Store, and the research team has notified Google and flagged the extension.