Opera has added a new Paste Protect security feature to its browser, designed to protect users from clipboard-based attacks. The company calls it the first native protection system in a major browser against ClickFix attacks, a scheme that, according to Opera, was used in more than half of malware download attacks in 2025.
ClickFix looks deceptively simple. A user lands on a site with a fake check, such as a CAPTCHA, and clicks an “I’m not a robot” button. At that moment, the site copies a malicious command to the clipboard and then shows an instruction that supposedly completes the check: for example, open the Run window with Win+R, paste the command with Ctrl+V, and press Enter.
That command can send the computer to a specified site, download a file, and launch it. Malicious code often uses commands such as mshta, hides behind extra characters, and can ultimately install an infostealer such as Lumma Stealer. This kind of software can steal saved passwords, autofill data, cookies for automatic sign-ins, and other sensitive information.
Paste Protect tries to stop the attack before the command even reaches the clipboard. The feature detects malicious scripts for Windows, macOS, and Linux, blocks copying, warns the user, and marks the address bar with a red icon. When needed, the first 120 characters of the command can be viewed, and a site can be added to a safe list if the warning turns out to be false.
The feature is enabled by default and will gradually appear for Opera users in different regions. It can be managed in the browser settings: Settings, Privacy & Security, Paste Protect.