Malicious Chrome extension disguises trading tool to steal MEXC API keys

The Socket Threat Research Team, a security agency, reported that a malicious Chrome extension called "MEXC API Automator" will be launched on the Chrome App Store from September 1, 2025. It is capable of stealing API keys newly created by users on the cryptocurrency exchange MEXC and sending them to Telegram bots controlled by attackers. This extension uses transaction automation as bait, generates API keys with withdrawal permissions without user consent, hides relevant permission displays in the interface, and then leaks the keys through ciphertext. Attackers can use this key to completely control the victim's account, execute transactions, initiate automatic withdrawals, and transfer assets. As of the report release, the extension can still be downloaded from the Chrome App Store, and the research team has informed Google and marked this extension.