Opera Debuts Paste Protect to Counter ClickFix Social Engineering Attacks

Opera's new Paste Protect feature blocks malicious clipboard commands before they can be pasted into terminals, countering the growing ClickFix social engineering attack trend.

CSBadmin

How Paste Protect Works

Opera has introduced a new security feature called Paste Protect, designed to thwart ClickFix-style attacks that rely on social engineering to trick users into copying and executing malicious code. These attacks commonly present fake verification prompts or troubleshooting instructions that deceive victims into pasting dangerous commands into a terminal or command-line interface. Once executed, the commands run with the user’s own privileges, often bypassing existing security defenses and leading to the installation of information-stealing malware.

Paste Protect builds on Opera’s existing Hijack protection, which was released in 2021 to detect external attempts to swap clipboard content (such as URLs or banking details) with malicious alternatives. The new feature adds an Injection protection component that scans copied content for patterns typical of malicious scripts, blocking the copy operation before the dangerous data reaches the clipboard. This works whether the action is initiated by the user or by a website the user visits.

Impact and Scope

The feature is enabled by default in the latest Opera release and supports Windows, macOS, and Linux. When Paste Protect detects suspicious clipboard content, it blocks the copy action, displays a warning popup, and shows a red security indicator in the browser’s address bar. Users can view the first 120 characters of the blocked script and may optionally approve the copy after a five-second timeout. For legitimate use cases, such as developers regularly copying scripts from trusted sources like GitHub, Opera allows users to create allow lists for specific websites.
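The copy-screening flow described above, sketched as an added example. It is not Opera's implementation: the indicator patterns, function names and origins are assumptions, and the sample clipboard strings are constructed.

```javascript
// Added illustration, not Opera's code. The indicator patterns are assumptions.
const PREVIEW_CHARS = 120;      // preview length given in the article
const APPROVE_DELAY_MS = 5000;  // five-second wait given in the article

// Hypothetical indicators of text meant to be pasted into a terminal.
const INDICATORS = [
  { name: "powershell-encoded-command",
    re: /\bpowershell(\.exe)?\b[^\n]*\s-(e|enc|encodedcommand)\b/i },
  { name: "download-piped-to-shell",
    re: /\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b/i },
  { name: "powershell-download-and-run",
    re: /\b(iwr|irm|invoke-webrequest|invoke-restmethod)\b[^\n]*\|\s*(iex|invoke-expression)\b/i },
  { name: "mshta-remote-url", re: /\bmshta(\.exe)?\s+https?:\/\//i },
];

// Collapse whitespace and drop zero-width characters before matching.
function normalize(text) {
  return text.replace(/[\u200B-\u200D\uFEFF]/g, "").replace(/\s+/g, " ").trim();
}

// Decide what happens to a copy made on `origin` (a site or the user).
function screenCopy(text, origin, allowList = new Set()) {
  if (allowList.has(origin)) {
    return { action: "allow", reason: "allow-listed", matches: [] };
  }
  const flat = normalize(text);
  const matches = INDICATORS.filter((i) => i.re.test(flat)).map((i) => i.name);
  if (matches.length === 0) {
    return { action: "allow", reason: "no-indicator", matches };
  }
  return {
    action: "block",
    reason: "indicator",
    matches,
    preview: flat.slice(0, PREVIEW_CHARS),  // what the warning popup shows
    approveAfterMs: APPROVE_DELAY_MS,       // earliest manual override
  };
}

// Constructed sample clipboard contents (example.invalid is a placeholder).
const SAMPLES = [
  ["https://site.example.invalid", "curl -s https://example.invalid/fix.sh | sh"],
  ["https://site.example.invalid", "git clone https://example.invalid/repo.git"],
  ["https://github.com", "curl -s https://example.invalid/install.sh | sh"],
];
const allow = new Set(["https://github.com"]);
for (const [origin, text] of SAMPLES) {
  console.log(origin, "->", screenCopy(text, origin, allow).action);
}
```

The third sample is allowed only because its origin is on the allow list, which shows why allow-list entries should be limited to sites the user actually trusts to serve scripts.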

Opera’s move mirrors a similar initiative by Apple, which recently added a feature to its Terminal app to detect risky pastes. This trend highlights the growing prevalence of ClickFix attacks, which have become a favored method for threat actors to deliver malware. Users are advised to treat all unsolicited prompts to execute commands with suspicion and to avoid running code found online unless they fully understand its purpose.

Source: BleepingComputer
