Opera activates Paste Protect, a function that prevents copying malicious code to the clipboard

Opera activates Paste Protect, a function that prevents copying malicious code to the clipboard

Opera has started block ClickFix type attacks directly from the browser, intercepting the malicious copy and paste technique that these attacks use to sneak into the victim’s computer. The company has introduced Paste Protecta native feature that monitors what is copied to the clipboard and alerts the user when it detects something suspicious.

The move comes at a time when this type of attack has become one of cybercriminals’ favorite methods of distributing malware. There is no need to download anything or click on an attachment: all it takes is for the victim to copy and paste a text that they believe to be harmless so that, without knowing it, they are executing harmful code on their own computer. That is precisely the blind spot that Opera wants to cover with this new layer of protection.

What is ClickFix and why is it so worrying?

ClickFix combines social engineering with a malicious code injection attack. The deception consists of making the user believe that they are completing a routine verification, such as a fake CAPTCHA or a pop-up window that pretends to be a legitimate process, so that they end up pasting a fragment of code into their system that compromises the device.

Opera has cited a report from Huntress, according to which ClickFix-style attacks already represent 53% of all malware uploader activity globallywhich gives an idea of ​​the magnitude of the problem. Last year, Proofpoint also warned that state-backed hacker groups were using this technique to specifically attack governments, confirming that this is not a minor phenomenon limited to clueless home users.

The way the deception works is simple and, precisely for that reason, effective.. When the false warning appears, the malicious website has already copied something to the user’s clipboard without the user noticing. The message then instructs you to open the Windows Run dialog box (using Win+R), paste the contents with Ctrl+V, and press OK. That last click is what triggers the execution of the malicious code and compromises both the computer and the data stored on it.

How Paste Protect works

To stop this type of attack, Opera has designed Paste Protect as a barrier located just before that critical step. The feature examines the content being copied to the clipboard and, if it detects anything potentially harmful, prevents the copy from completing and immediately notifies the user.

This means that if you’re accessing a website that’s trying to copy something potentially harmful to your clipboard (or tricking you into doing so), Opera will detect it, prevent it, and warn you.“, the company explained in an entry on its official blog.

The system continuously scans everything copied to the clipboard for threats or dangerous commands. When it finds something suspicious, it displays a red warning icon so the user knows exactly what is going on before it’s too late. The website in question can be closed without the need to interact with it further, and those who manage legitimate sites that may generate false positives have the option of approving them individually to prevent unnecessary notices from appearing. Users can also check if any detection errors have occurred.

Opera maintains that It is the first major browser to incorporate this level of specific protection against ClickFix. He clarifies, however, that Microsoft Defender already notifies users when it detects landing pages associated with this type of attack, and that there are third-party extensions that perform a similar function, although without direct integration into the browser itself.

Protection that extends a decade-long history

Mohamed Salah, Senior Product Manager at Operahas placed this novelty within a broader company strategy. “Opera had been protecting users from clipboard hijacking for half a decade, so it made sense to expand that protection to address one of the most serious and growing online threats.“he noted. Salah adds that Paste Protect “offers the browser a robust early warning system, capable of warning less experienced users while still offering more control to technical profiles or developers”.

For its part, Pawel Kurzelewski, head of security at Operahas placed the emphasis on the exact moment in which the new function acts. “ClickFix attacks are successful because they turn the user into the weapon”he explained. “The clipboard is the last point before a malicious command is executed, so that’s where we’ve built our defense. With Paste Protect, we stop these attacks right at the moment they would normally succeed”.

That a mass-market browser like Opera incorporates this protection as standard, without depending on additional extensions, is a relevant step because it moves the defense to the point where most of these attacks really begin: web browsing itself. While the average user is not always able to distinguish a legitimate CAPTCHA from a fraudulent one, having a system that automatically analyzes what is copied to the clipboard significantly reduces the margin for human error, which remains the weakest link in these types of attacks.

It remains to be seen whether other major browsers will follow the same path in the short term, especially given the percentage of malicious activity that ClickFix already represents globally. For now, Opera is ahead with a solution integrated directly into the software, without depending on third parties or additional configurations by the user.