PANews reported on January 14 that, according to a report by the Socket Threat Research Team, a malicious Chrome extension called "MEXC API Automator" has been available on the Chrome Web Store since September 1, 2025. This extension can steal newly created API keys from the cryptocurrency exchange MEXC and send them to a Telegram bot controlled by attackers.
The extension uses transaction automation as bait: it automatically generates a MEXC API key with withdrawal permissions without the user's knowledge, hides this permission from the interface, and then exfiltrates the key and its encrypted data. Attackers can then gain complete control of the victim's MEXC account, executing transactions, initiating automatic withdrawals, and transferring assets within the account. As of the time of this report's publication, the extension is still available for download in the Chrome Web Store, and the research team has notified Google and flagged the extension.
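For defenders, the combination described above (an extension that can act on MEXC pages and also talks to Telegram) can be checked for in unpacked extension folders. The following is an added example, not code from the Socket report or from this article; the two heuristics, the function names and the three sample extensions are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Heuristics assumed for this example (not indicators from the Socket report):
TARGET_HOST = re.compile(r"(^|[./*])mexc\.com", re.I)  # exchange the extension touches
EXFIL_HOST = "api.telegram.org"                        # Telegram Bot API host

def host_patterns(manifest):
    """Collect every URL match pattern the manifest asks for (MV2 and MV3 keys)."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def audit_extension(ext_dir):
    """Flag an unpacked extension that can act on MEXC pages and references Telegram."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    targets = [p for p in host_patterns(manifest)
               if p == "<all_urls>" or TARGET_HOST.search(p)]
    refs = sorted(f.name for f in ext_dir.rglob("*.js")
                  if EXFIL_HOST in f.read_text(encoding="utf-8", errors="ignore"))
    return {"name": manifest.get("name"), "exchange_access": targets,
            "telegram_refs": refs, "suspicious": bool(targets and refs)}

def demo():
    """Run the audit over three constructed extensions; returns {name: suspicious}."""
    samples = {  # constructed test data, not real extensions
        "key-helper": (["https://www.mexc.com/*"], 'const u = "https://api.telegram.org/";'),
        "price-widget": (["https://www.mexc.com/*"], 'console.log("ticker");'),
        "chat-notifier": (["https://example.org/*"], 'const u = "https://api.telegram.org/";'),
    }
    verdicts = {}
    with tempfile.TemporaryDirectory() as root:
        for name, (matches, js) in samples.items():
            d = Path(root) / name
            d.mkdir()
            manifest = {"manifest_version": 3, "name": name,
                        "content_scripts": [{"matches": matches, "js": ["content.js"]}]}
            (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
            (d / "content.js").write_text(js, encoding="utf-8")
            verdicts[name] = audit_extension(d)["suspicious"]
    return verdicts

if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {'REVIEW' if flagged else 'ok'}")
```

A hit only marks an extension for manual review; either signal alone is common in legitimate extensions, which is why the check requires both.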
