Report: Malicious Chrome extension masquerades as a trading tool to steal users' MEXC API keys

A malicious Chrome extension called "MEXC API Automator" has been available on the Chrome Web Store since September 1, 2025. It can steal newly created API keys on the cryptocurrency exchange MEXC and send them to a Telegram bot controlled by attackers.