Skip to content
Tech News
← Back to articles

Opera's new security feature stops copy paste attacks from malicious websites

read original more articles
Why This Matters

Opera's new Paste Protect feature enhances browser security by preventing malicious clipboard attacks like ClickFix, which can lead to malware infections and data theft. This native protection marks a significant step forward in safeguarding users from evolving cyber threats directly within the browser environment. As cyberattacks become more sophisticated, such integrated security measures are crucial for protecting consumer data and maintaining trust in web browsing tools.

Key Takeaways

Opera has introduced a new safety feature that protects against malicious clipboard attacks, the browser company announced. "With Paste Protect, Opera becomes the first major browser to include a native protection and warning system against ClickFix-based cyberattacks, which accounted for over half of malware loading cyber attacks in 2025," the company wrote in a blog post.

"What the heck is ClickFix?" I hear you asking. Seraph Secure describes it as a "surprisingly ordinary" attack that doesn't rely on "scary warnings." Often under the guise of a Captcha prompt, ClickFix copies malicious code into your computer's clipboard when you click the "I'm not a robot" or similar button. It then brings up a set of instructions ostensibly to complete the verification, like telling you to press "Win+R" to open a run dialog, "Ctrl-V" to paste the bad code and "Enter" to run it.

The copied code will often tell your computer to go to a specified website, grab a file and run it, with code that includes commands like "mshta." It can also be hidden or disguised by extra characters. Once you've run the code, the command can run "infostealer" malware like Lumma Stealer that can compromise saved passwords, browser autofill data, cookies for auto-logins and more.

This can be stopped at the source if your browser spots the malicious command before it enters your clipboard, and that's where Opera's Paste Protect feature comes in. It detects malicious scripts tailored to Windows, macOS and Linux, blocks the copy action and and warns you about what just happened, while flagging the address bar with a red icon. Users can see the first 120 command characters and mark sites as safe in the case of a false positive.

If you're unfamiliar with the Opera browser, it's best known for efficient memory use and free built-in VPN. Paste Protect is activated by default, but you can toggle it on or off in the browser "Settings," "Privacy & Security," "Paste Protect." If you're an Opera user, the update should be rolling out to your region soon.