Opera Has Introduced a Way to Block ClickFix Attacks in Its Browser.

Earlier this year, security firm Huntress discovered a malicious browser extension that launched ClickFix attacks —a sophisticated attack designed to hijack your computer. In the ClickFix scheme, attackers trick you into installing their browser extension and then display a fake error message in your browser. This pop-up window offers a solution, often requiring you to copy a malicious command and run it in your device’s command line. Since then, the responsibility for preventing suspicious extensions from loading has fallen on users, but Opera is now adding ClickFix protection directly to its browser.
How Paste Protect Fights ClickFix Attacks
A feature called Paste Protect is designed to prevent code injection attacks like ClickFix. When Paste Protect believes you’ve been targeted by a ClickFix attack, it displays a pop-up warning you against copying malicious commands and offers a button to close the tab to avoid the attack. You can also click “Show Contents” to view the first 120 characters of a command if you want to verify what Paste Protect has flagged as malicious.
The Paste Protect feature allows you to bypass the block if you wish, using a red button labeled “Hold to copy (unsafe).” To copy the command, you’ll need to hold this button for more than five seconds. You’ll also have the option to always allow copying of code from a site you trust, which is useful if the feature accidentally blocks code from a legitimate site. The warning may be enough for most regular users to realize something is wrong, similar to how Apple and Microsoft protect you from installing untrusted apps on your computer. You’ll see a warning blocking the installation of such apps, but there’s an option to bypass it if you know what you’re doing and are confident it’s a false positive.
ClickFix attacks are quite sophisticated: they can display a fake captcha designed to fail verification and offer a “solution” in the form of malicious code that can be executed on your device. Opera claims to use detection methods specific to Linux, macOS, and Windows platforms to identify patterns associated with malicious scripts and block them using Paste Protect.
The Copy Protection feature is not the first such feature in Opera.
This isn’t Opera’s first security feature aimed at protecting users from malicious activity. For several years now, the browser has offered “Paste Protection,” which prevents websites from replacing your clipboard contents without your permission. This means that if you copy a URL, Opera won’t allow websites to change the copied link to a malicious URL. Paste Protection adds an additional layer of security to the browser.
While additional security features are more than welcome, vigilance is always the best defense against online fraud. Don’t install extensions or apps from developers you don’t know or trust; never click suspicious links, whether you found them online or someone shared them via SMS or email; and never copy code from the internet and paste it into your device’s command line unless you’re 100% sure what you’re doing.