MEXC API Automator malicious Chrome extension steals MEXC API keys

Malware Activity
Happening score
H score 33
1 unique source, 1 article

Summary

MEXC API Automator is a malicious Chrome extension that steals MEXC API keys from authenticated browser sessions and can give attackers control over reachable wallets and balances. It creates new keys with withdrawal permissions, hides that permission in the UI, and sends the Access Key and Secret Key to a hardcoded Telegram bot. Because the keys remain valid until revoked, the abuse can persist even after the extension is removed.

Related Happenings

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

QuickLens - Search Screen with Google Lens hit by network compromise

Incident
First: 28.02.2026 21:18 Last: 28.02.2026 21:18 Sources 1

About this happening: The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...

Fake AI assistant Chrome extension malware activity

Malware Activity
First: 16.02.2026 16:00 Last: 16.02.2026 16:00 Sources 1

About this happening: A cluster of **30 malicious Chrome extensions** posing as **AI assistants** is stealing **email content** and other sensitive data from **Chrome users**, creating a broad browser-...

CL Suite Chrome extension stealing Meta Business data

Malware Activity
First: 13.02.2026 13:25 Last: 13.02.2026 13:25 Sources 1

About this happening: The **CL Suite** Chrome extension is exfiltrating **TOTP seeds**, **current 2FA codes**, and **Meta Business** data from **Meta Business Suite** and **Facebook Business Manager**...

AiFrame malicious Chrome extension spraying operation

Malware Activity
First: 13.02.2026 13:25 Last: 13.02.2026 13:25 Sources 1

About this happening: The **AiFrame** operation spread fake **Chrome** AI assistants that delivered malicious extensions, putting **over 260,000 Google Chrome users** at risk of **credential theft**, e...

Timeline

  1. 13.01.2026 19:22 1 article · 4mo ago

    MEXC API Automator first published

    Untyped Phase

    A malicious Google Chrome extension named MEXC API Automator was first published on September 1, 2025, on the Chrome Web Store, where it posed as a trading helper for MEXC while requesting API-key generation and withdrawal-related permissions.

  2. 13.01.2026 19:22 2 articles · 4mo ago

    Researchers disclose MEXC API key theft extension

    Initial Disclosure

    Cybersecurity researchers disclosed on January 13, 2026 that MEXC API Automator injects script.js into the authenticated MEXC API management page, creates new API keys, enables withdrawal permissions, hides that setting in the UI, and exfiltrates the Access Key and Secret Key to a hardcoded Telegram bot.
