Published 3 days ago • loading... • Updated 3 days ago
Opera Rolls Out Paste Protect Feature to Fight ClickFix Attacks
Opera says over half of malware-loading cyber attacks in 2025 used ClickFix tactics, and the browser now blocks malicious clipboard commands by default.
On Thursday, Opera launched Paste Protect to block ClickFix attacks, a social engineering technique that cybersecurity firm Huntress reports now accounts for over 53% of malware-loading cyber attacks.
ClickFix exploits user problem-solving by presenting fake error messages or CAPTCHA prompts requesting users to copy and paste commands, which can install malware, steal passwords, or grant remote access when executed.
Opera's defense monitors clipboard content in real time across Windows, macOS, and Linux against patterns associated with malicious scripts. Pawel Kurzelewski, head of security at Opera, said "The clipboard is the last point before a malicious command is run, so that's where we built our defense."
When suspicious content is detected, the system blocks the copy action and displays a warning with a red icon in the address bar. Paste Protect combines existing Hijack Protection with new Injection Protection to prevent unauthorized clipboard swapping of sensitive data.
Unlike Chrome, which requires third-party extensions, Opera is the first major browser with native clipboard defense enabled by default. Developers can override blocks with a five-second hold or whitelist trusted sites like GitHub through settings.