December 9, 2023

Opera is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. Introduced the new feature in development version 83,

Paste Protection works automatically, monitoring the clipboard for sensitive data and locking it once it is added. When the user copies a sensitive piece of information, a pop-up appears on the right corner to warn them that the content has been secured.

Advertisements

Developers shared at this early development phase, the browser will display a new warning if an external application manages to change the clipboard content.

For Instance, IBAN and Bitcoin wallet addresses qualify as sensitive data that require protection, but strangely, credit card numbers, email addresses, long passwords, and SSNs aren’t treated as such. More types of data will likely be added to the Paste Protection monitoring scheme when the feature is ready to be rolled out in future stable Opera versions.

Clipboard protection is an important security feature that all web browsers should copy as it protects users from various malware infections that attempt to hijack a clipboard.

Clipboard hijackers are malware that replaces a copied cryptocurrency wallet address, which is the intended payment destination, with one controlled by the threat actor. Most people don’t memorize cryptocurrency addresses, so the coins or tokens will be sent to the threat actors’ wallets. Users only realize the mistake when the assets don’t appear at the intended address.

Advertisements

Secondly, information disclosure through clipboard data capturing is a common feature in many information stealers, so that the data exfiltration channel is also shut.

Even if Opera’s new feature finds widespread adoption among other browsers, it is still advisable to manually validate the contents of pasted data, especially when performing financial transactions.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d