Opera’s Paste Protect blocks clipboard malware attacks

Opera has launched Paste Protect, a security feature that stops clipboard-based cyberattacks. It targets a rising threat known as ClickFix clipboard attacks.
ClickFix attacks accounted for over half of malware loading cyberattacks in 2025. They work by injecting malicious code into the clipboard when users click verification buttons like “I’m not a robot.” That code can run commands such as “mshta” to launch malware, including strains like Lumma Stealer.
Paste Protect is the first native browser defense against these attacks. It detects malicious scripts targeting Windows, macOS, and Linux, blocks the copy action, and warns users before any damage occurs.
The feature flags risky sites with a red icon in the address bar. Users can review the first 120 characters of blocked commands and mark sites as safe if they trust them. Paste Protect is enabled by default in Opera’s desktop browsers starting with the 134.0.5945.0 developer update, released June 23, 2026.
“With Paste Protect, Opera becomes the first major browser to include a native protection and warning system against ClickFix-based cyberattacks, which accounted for over half of malware loading cyber attacks in 2025,” the company said.
Pawel Kurzelewski, Opera’s Head of Security, adds, “ClickFix attacks succeed because they turn the user into the weapon.” Mohamed Salah, Senior Director of Product, called Paste Protect a “robust early warning system” that balances alerts for less experienced users with control for developers and power users.
Cybersecurity firms like ESET have reported a surge in ClickFix attacks. Microsoft named ClickFix a major initial-access vector in its Digital Defense Report. Security researchers have dissected these API-driven malware techniques, highlighting their growing threat.
Meanwhile, Google’s Chrome browser — with its 3.5 billion users — still faces its own security challenges. Last year, Google patched 151 security flaws in Chrome, 22 of which were critical. Four critical flaws earned $102,000 in bug bounty rewards, but no native clipboard attack defenses like Paste Protect have appeared.
Opera’s move sets a new standard for browser security against clipboard exploits. Users no longer have to rely on external plugins or manual vigilance to block these stealthy, user-triggered attacks.
Based on
- Opera’s new security feature stops copy paste attacks from malicious websites — engadget.com
- Opera blocks ClickFix attacks with new clipboard protection feature – Help Net Security — helpnetsecurity.com
- Opera 134.0.5945.0 developer update – Blog | Opera Desktop — blogs.opera.com
- Chrome Update: 151 Security Flaws Fixed, 22 Critical – How to Stay Safe (2026) — hillcrestgolfohio.com
- API-Driven Malware Exposed | Security News — cyberwebspider.com




