A Hidden Threat to Cryptocurrency Users in Northeast India and Beyond
Cybersecurity researchers have uncovered a malicious Google Chrome extension that steals API keys associated with MEXC, a popular cryptocurrency exchange used by millions worldwide, including in Northeast India. This article sheds light on the implications of this threat and its potential impact on users in the region.
The Malicious Extension: A Closer Look
The malicious extension, named MEXC API Automator, has been available on the Chrome Web Store since September 1, 2025. It was developed by a user named "jorjortan142" and claims to simplify the connection of trading bots to the MEXC exchange. However, the extension's true purpose is to steal API keys and secret information from users.
Stealing API Keys and Hiding Permissions
The extension creates new MEXC API keys, enables withdrawal permissions, and hides this permission in the user interface. It then exfiltrates the resulting API key and secret to a hardcoded Telegram bot controlled by the threat actor.
The Threat Remains Active
The risk is severe because the stolen API keys remain valid until they are revoked, so the attackers keep unfettered access to the victim's account even if the extension is uninstalled.
Implications for Northeast India and Beyond
The malicious extension poses a significant threat to cryptocurrency users in Northeast India and across the country. As more individuals adopt cryptocurrencies, the potential for such attacks to target users in the region will likely grow.
Future Adaptations and Preventive Measures
Cybercriminals are likely to adapt this playbook to target other exchanges, decentralized finance (DeFi) dashboards, broker portals, and any web console that issues tokens in session. Users are advised to exercise caution when installing extensions and to regularly review their account activity for any suspicious transactions.
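One way to act on the advice about reviewing installed extensions, as an added example that is not from the article or the researchers: a Python audit of a Chrome profile's `Extensions` directory that flags the reported extension name and any extension with host access to the exchange. The domain `mexc.com`, the function names and the sample profile are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

WATCH_NAME = "mexc api automator"  # extension name given in the article
WATCH_HOST = "mexc.com"            # assumption: the exchange's web domain

def load(path):
    try:
        return json.loads(path.read_text("utf-8-sig"))
    except (OSError, ValueError):
        return {}  # missing or malformed file

def display_name(ext_dir, manifest):
    """Resolve localized names such as __MSG_extName__ through _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        msgs = load(ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json")
        entry = {k.lower(): v for k, v in msgs.items()}.get(name[6:-2].lower(), {})
        return str(entry.get("message", name))
    return name

def audit(extensions_root):
    """Yield (extension_id, name, reasons) for each extension worth review."""
    # Layout assumed: <Extensions>/<extension id>/<version>/manifest.json
    for mf in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        manifest = load(mf)
        name, reasons = display_name(mf.parent, manifest), []
        hosts = manifest.get("host_permissions", []) + [
            m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
        if WATCH_NAME in name.lower():
            reasons.append("name matches reported extension")
        if any(WATCH_HOST in str(h).lower() for h in hosts):
            reasons.append("host access to " + WATCH_HOST)
        if reasons:
            yield (mf.parent.parent.name, name, reasons)

def build_sample(root):  # constructed profile: made-up ID, localized name
    ext = Path(root) / ("a" * 32) / "1.0_0"
    (ext / "_locales" / "en").mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps({"name": "__MSG_extName__",
        "default_locale": "en", "host_permissions": ["https://*.mexc.com/*"]}))
    (ext / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"extName": {"message": "MEXC API Automator"}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(list(audit(tmp)))
```

A hit on the name means the account's API keys should be reviewed and revoked as well, since removing the extension does not invalidate keys it already created.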
Stay Informed and Protect Yourself
Stay informed about the latest cybersecurity threats and follow best practices to protect your digital assets. Be wary of unsolicited offers and always verify the authenticity of extensions and applications before installing them.