Malicious Chrome Extension Targets MEXC Crypto Exchange Users Cybersecurity researchers have identified a malicious Google Chrome extension, MEXC API Automator, designed to steal API keys from users of MEXC, a centralized cryptocurrency exchange (CEX) serving over 170 countries. Disguised as a legitimate trading automation tool, the extension (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh) covertly harvests sensitive credentials, enabling unauthorized access to victims' exchange accounts. Despite its low download count just 29 installations the extension remains active, posing an ongoing threat. API keys, which grant access to trading accounts, are prime targets for attackers seeking to execute fraudulent transactions. The incident highlights the risks of third-party browser extensions, particularly in the cryptocurrency space where financial assets are at stake. Users who installed the extension are advised to remove it immediately and reset their API keys to prevent potential breaches. The discovery underscores the importance of verifying extension authenticity, scrutinizing permissions, and conducting regular security audits to mitigate similar threats.