Cybersecurity experts have uncovered a malicious Chrome extension that steals API keys from the MEXC cryptocurrency exchange by exploiting a browser session. This threat can enable attackers to control user accounts, execute trades, and drain wallets, highlighting the risks of browser-based attacks on crypto platforms.
Key points
- A malicious Chrome extension named MEXC API Automator creates API keys with withdrawal permissions and exfiltrates them.
- The extension operates within authenticated MEXC sessions, bypassing the need for login credentials.
- API keys are secretly generated and sent to a Telegram bot controlled by threat actors.
- The attackers' access persists for as long as the stolen API keys remain valid, even after the extension is uninstalled.
- The attack leverages browser sessions and can be adapted to target other web-based trading platforms.
Read More: https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html