Opera Just Rolled Out a Way to Block ClickFix Attacks in Its Browser
"Paste Protect" blocks you from copying malicious code.
Pranay Parab Freelance Writer
Experience
Pranay Parab is an independent tech journalist based in Mumbai, India. He covers tech for Lifehacker, and specializes in tutorials and in-depth features.
July 2, 2026
Add as a preferred source on Google
Credit: Jakub Porzycki/NurPhoto via Getty Images
Key Takeaways
Opera just rolled out a new feature that aims to protect users from ClickFix attacks. "Paste Protect" stops you from copying malicious code when browsing the web. You can bypass the block if you wish, and you can whitelist sites you trust.Table of Contents
Earlier this year, security firm Huntress discovered a malicious browser extension that initiates ClickFix attacks, a sophisticated attack designed to take over your computer. In a ClickFix scheme, bad actors get you to install their browser extension, then display a fake error prompt in your browser. This pop-up offers a fix that often requires you to copy a malicious command and run it in the command prompt on your device. Since then, the onus has been on the user to avoid downloading suspicious extensions, but now Opera is adding ClickFix protections directly into its browser.
How "Paste Protect" fights against ClickFix attacks
The feature, called Paste Protect, is designed to stop code injection attacks such as ClickFix. When Paste Protect believes you are the target of a ClickFix attack, it displays a pop-up, warning you not to copy malicious commands, and offers a button to close the tab to sidestep the attack. You do have the option to click "Show content" to view the first 120 characters of the command, in case you want to review what Paste Protect flagged as malicious.
Paste Protect allows you to bypass the block if you wish, with a red button labeled "Hold to copy (unsafe)." To copy the command, you'll have to hold this button for over five seconds. You'll also have the option to always allow copying code from a site you trust, which is helpful in case the feature accidentally blocks code from a legitimate site. The warning may be enough for most casual users to realize that something's off, similar to how Apple and Microsoft protect you from installing untrustworthy apps on your computer. You'll see a warning that blocks you from installing those apps, but there's an option to bypass it if you know what you're doing and are confident that it's a false positive.
ClickFix attacks are quite sophisticated: They may show a fake captcha verification that's designed to fail, and offer a "solution" in the form of malicious code that you can run on your device. Opera claims it uses platform-specific detection techniques for Linux, macOS, and Windows to identify patterns associated with malicious scripts, and blocks them via Paste Protect.
What do you think so far?
Paste Protect isn't the first Opera feature of its kind
This isn't Opera's first security feature aimed at protecting users from malicious activity. The browser has offered a "Hijack Protection" feature for a few years, which prevents sites from replacing the contents of your clipboard without your permission. This means that if you copy a URL, Opera will stop sites from changing the copied link to a malicious URL. Paste Protect adds an extra layer of security to the browser.
While added security features are more than welcome, vigilance is always the best defense against online scams. Don't install extensions or apps from developers you don't know or trust; never click suspicious links, whether you find the on the web or someone shares them via text or email; and never copy code from the internet and paste it in your device's command prompt without being 100% sure of what you're doing.
The Download Newsletter Never miss a tech story
Jake Peterson
Get the latest tech news, reviews, and advice from Jake and the team.
The Download NewsletterNever miss a tech story. Get the latest tech news, reviews, and advice from Jake and the team.
ShanonG