Push Security, a leader in browser-based detection and response, announced the release of a new feature designed to tackle one of the fastest-growing cyber threats: ClickFix-style attacks. The company’s latest innovation, malicious copy-and-paste detection, blocks users from copying malicious scripts in their web browser — preventing them from being run on machines, and cutting off attackers at the earliest opportunity.

“Existing email and network security tools struggle to detect it during delivery, and endpoint controls are being routinely bypassed during execution. Our new feature changes the game by stopping these attacks right where they start: in the browser.”

Push Security’s malicious copy-and-paste detection identifies and blocks the exact user action that makes ClickFix possible. By monitoring copy events in the browser, Push can distinguish legitimate activity, such as code copied from GitHub or SIEM tools, from malicious scripts. This approach ensures high-fidelity alerts and minimal false positives without disrupting employee workflows or productivity.

Cyber Technology Insights : Evolver Launches SHIELD, a Crypto-Agile Defense for Quantum-Era Attacks

“ClickFix is now one of the most effective ways attackers have at their disposal to steal business data and disrupt operations,” said Jacques Louw, chief product officer at Push Security. “Existing email and network security tools struggle to detect it during delivery, and endpoint controls are being routinely bypassed during execution. Our new feature changes the game by stopping these attacks right where they start: in the browser.”

ClickFix, also known as fake CAPTCHA attacks with variants like FileFix, has rapidly become a go-to technique for cybercriminals. Reports show a 400% year-over-year increase in ClickFix attacks, with a separate study citing a 517% surge in just the last six months. The attack method is frequently leveraged by groups such as Interlock ransomware and has been linked to several high-profile enterprise breaches in a variety of industries including financial services, healthcare, and retail as well as state and local government.

Unlike traditional phishing, ClickFix attacks manipulate victims into copying malicious code from a fake web challenge, such as a CAPTCHA or “page error,” and running it locally. From there, attackers deliver malware, steal credentials and session cookies, and often deploy ransomware for double extortion.

“We see attack techniques like ClickFix evolve faster than traditional defenses can keep up. So for us, it is key to study attacker behavior in depth and design protections around the actions they can’t avoid,” said Louw. “This research-driven approach allows us to deliver practical, universally effective controls that other vendors often overlook, and it’s what we believe sets us apart as a true innovator in browser security.”

Cyber Technology Insights : SixMap Launches New Capabilities to Strengthen Cyber Defense Against AI-Driven Attacks

Key benefits of Push’s malicious copy-and-paste detection include:

  • Universal protection: Effective across all ClickFix variants, regardless of lure type, delivery channel, or malware payload.
  • Seamless user experience: Unlike heavy-handed endpoint or DLP controls, Push protects without blocking legitimate copy-paste activity.
  • Early intervention: Stops attackers before malware delivery, rather than relying on endpoint detection after the fact.

This new feature adds another layer to Push Security’s browser-based defense platform, which already protects organizations against phishing, session hijacking, credential stuffing, malicious browser extensions, malicious OAuth integrations, and other browser-based attacks.

Cyber Technology Insights : Commvault and Delinea Partner to Strengthen Defense Against Credential Attacks

Source: businesswire

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com