AI & TechCybersecurityNewswireTechnology

Opera’s new clipboard protection blocks ClickFix attacks

Originally published on: July 3, 2026
▼ Summary

– Opera launched Paste Protect, a clipboard security feature that defends against clipboard-based attacks like hijacking and pastejacking, including ClickFix attacks which caused over half of malware-delivery attacks in 2025.
– The feature is built into Opera’s desktop browsers and enabled by default, requiring no user setup for automatic protection.
– ClickFix attacks trick users into copying and pasting commands into their terminal, which can install malware or steal data, bypassing antivirus and email filters.
– Paste Protect combines existing Hijack Protection with new Injection Protection, which monitors clipboard activity on Windows, macOS, and Linux for malicious script patterns.
– When a threat is detected, the copy action is blocked, a warning is shown, and users can view the first 120 characters of blocked content; developers can override the block for trusted sources.

Opera has introduced Paste Protect, a new clipboard security feature designed to block clipboard-based attacks like hijacking and pastejacking. The tool specifically targets ClickFix attacks, which accounted for over half of all malware-delivery incidents in 2025. The feature is built into Opera’s desktop browsers and activates automatically, requiring no user setup.

A typical ClickFix attack begins innocuously. A video fails to play, or a CAPTCHA refuses to verify your humanity. A pop-up then offers a solution, instructing you to copy a short command and paste it into your terminal. It looks like harmless troubleshooting. In truth, that command can install malware, steal saved passwords, or grant an attacker remote access to your machine. The user executes the attack themselves, on their own device.

ClickFix’s effectiveness lies in its ability to bypass most existing defenses. Antivirus software and email filters are designed to catch threats arriving from outside, not commands a user types or pastes in themselves. According to cybersecurity firm Huntress, ClickFix now accounts for over 53% of this type of malicious activity.

“ClickFix attacks succeed because they turn the user into the weapon,” said Pawel Kurzelewski, Head of Security at Opera. “The clipboard is the last point before a malicious command is run, so that’s where we built our defense. With Paste Protect, we’re stopping these attacks at the exact moment they would normally succeed.”

“Opera had already been protecting users from paste hijacking for half a decade – it made sense to expand that protection to address one of the most increasingly serious online threats,” said Mohamed Salah, Senior Director of Product at Opera. “Paste Protect gives your browser a robust early warning system that can alert less experienced users while still enabling more control for more tech-savvy users or developers.”

Paste Protect combines Opera’s existing Hijack Protection with a new Injection Protection component. Hijack Protection prevents external applications from secretly replacing clipboard contents with malicious data, such as a different bank account number or cryptocurrency wallet address.

The new Injection Protection monitors clipboard activity in real time for potentially dangerous commands copied by the user or placed on the clipboard by a website. It uses detection techniques tailored to Windows, macOS, and Linux to identify patterns associated with malicious scripts.

If a threat is detected, the copy action is blocked immediately. A warning explains what happened, and a red icon appears in the address bar. Users can view the first 120 characters of the blocked content. Developers working with trusted sources can override the block or mark specific websites as safe.

(Source: Help Net Security)

Topics

clipboard protection 98% clickfix attacks 95% malware delivery 90% browser security 88% user empowerment 82% hijack protection 80% injection protection 78% cyberattack trends 75% password theft 70% Real-Time Monitoring 68%