Opera browser thinks it has the solution to stopping ClickFix malware attacks

The browser company is targeting a growing source of malicious links with its new Paste Protect feature

Opera browser logo and branding pictured on a smartphone screen placed on desk with pencils and art utensils.
(Image credit: Getty Images)

Opera has started to block ClickFix-style attacks in the browser by blocking malicious clipboard copy-and-paste techniques.

ClickFix pairs social engineering with a malicious code injection attack by fooling users into clicking a link, such as a fake CAPTCHA or similar familiar popup, starting a string of events that could compromise the device.

Opera cited a report by Huntress showing that ClickFix-style social engineering attacks make up 53% of all malware loader activity worldwide, underlining the scale of the threats faced by web users.

Last year, Proofpoint warned that state-sponsored hackers were turning to ClickFix techniques to target governments in particular.

Latest Videos From

To help battle that, Opera has introduced Paste Protect, a browser-native feature designed to prevent such attacks by stopping malicious code from being copied onto the clipboard, and notifying users when that happens.

"This means that if you’re accessing a website that is trying to copy something potentially harmful into your clipboard (or luring you into doing so), Opera will detect it, prevent it, and let you know about it," the company said in a blog post.

Opera said it is the first major browser to add this level of protection, though Microsoft Defender does notify users of ClickFix landing pages and there are extensions that do a similar job.

"Opera had already been protecting users from paste hijacking for half a decade — it made sense to expand that protection to address one of the most increasingly serious online threats," said Mohamed Salah, Senior Director of Product at Opera.

"Paste Protect gives your browser a robust early warning system that can alert less experienced users while still enabling more control for more tech-savvy users or developers."

The rise of ClickFix

ClickFix attacks work by fooling a user into clicking a box on a malicious popup, often by pretending to be a CAPTCHA or a "verify you're a human" box. That lets the dodgy website copy to the clipboard and open another window.

"When this prompt appears, the website has already 'copied' something to your clipboard, and now it instructs you to open the Windows Run dialog box (Win+R), then use 'Ctrl + V' to paste the malicious code, and then click 'OK'," the blog post noted. "This would execute the code and compromise your device, and the data on it."

Instead, Opera's Paste Protect examines the content being copied, and if concerned, blocks the code from being copied to the clipboard and notifies the user. They can then close the window without interacting.

"ClickFix attacks succeed because they turn the user into the weapon," said Pawel Kurzelewski, Head of Security at Opera.

"The clipboard is the last point before a malicious command is run, so that's where we built our defense. With Paste Protect, we're stopping these attacks at the exact moment they would normally succeed."

The Paste Protect system does mean that the Opera browser is scanning everything copied to the clipboard for potential threats or harmful commands. When those are spotted, the system displays a red warning icon.

Websites can be individually approved to circumvent these warnings if safe, and users can still check to see if a mistake has been made.

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole the author of a book about the history of technology, The Long History of the Future.