
Opera has added a new security feature to its browser that stops a surprisingly simple but effective type of cyberattack. Called Paste Protect, it works by detecting malicious code before it ever reaches your clipboard, then blocking it and warning you about what just happened. According to Engadget, Opera is calling this the first native protection against ClickFix attacks built into any major browser.
ClickFix is the attack method Paste Protect is designed to stop. It works by disguising itself as a routine verification step, often a fake CAPTCHA prompt. When you click “I’m not a robot,” malicious code is silently copied to your clipboard. The fake prompt then tells you to press Win+R to open a run dialog, Ctrl+V to paste the code, and Enter to run it. Most people do it without thinking twice.
The consequences can be serious. Once run, the code typically connects to a remote server, downloads a file, and executes it. That file is often infostealer malware like Lumma Stealer, which can steal:
- Saved passwords
- Browser autofill data
- Session cookies used for auto-logins
- Other sensitive browser data
This matters beyond Opera users. ClickFix attacks accounted for more than half of all malware-loading cyberattacks in 2025, according to Opera’s own blog post citing security firm Seraph Secure. That makes it one of the most common active threats on the web right now, and the fact that no major browser had built-in protection against it until now is a real gap that needed filling.
Paste Protect addresses the problem at the exact moment it happens. When a website tries to copy a suspicious command to your clipboard, Opera intercepts it, blocks the copy action, and flags the address bar with a red icon. You can see the first 120 characters of the blocked command, which helps you judge whether it’s a genuine threat or a false positive. If you know a site is safe, you can mark it as trusted.
The feature works across Windows, macOS, and Linux, and it’s turned on by default. If you want to manage it manually, you can find it under Settings, then Privacy and Security, then Paste Protect. Opera says the update is rolling out to users by region, so it may not appear immediately for everyone.
Opera has built a reputation around adding features that other browsers leave to third-party extensions, including a built-in VPN and efficient memory management. Paste Protect follows that same approach. Whether other browsers like Chrome or Firefox will follow with their own versions remains to be seen, but the ClickFix threat is widespread enough that the pressure to do so will likely grow.