ClickArmor

Blocks ClickFix clipboard hijacks locally in real time (100% on-device).

ClickArmor protects you from social engineering attacks in real time — both ClickFix clipboard hijacks and credential phishing pages that impersonate trusted brands. --ClickFix Protection: Monitors clipboard activity and analyzes page behavior in real time, catching attacks at multiple stages — from the fake lure to the malicious payload hitting your clipboard. When a threat is detected, ClickArmor wipes the clipboard and shows a detailed warning. Detects: 1. Fake CAPTCHA and human verification pages that instruct you to run commands 2. Fake browser update screens with simulated download progress 3. Obfuscated script loaders that fetch payloads from remote C2 servers 4. Clipboard hijacking via writeText, execCommand, and DataTransfer APIs 5. Hidden command payloads embedded in page elements 6. Multi-stage attacks that replace the page via document.write() 7. Homoglyph and Unicode evasion techniques (Cyrillic lookalikes, zero-width characters) --Credential Phishing Protection: Scans pages for login forms impersonating major brands on domains that don't belong to them. If you land on a fake Microsoft, Google, PayPal, or bank login page, ClickArmor shows a full-screen warning identifying the impersonated brand and the real domain you should be on. Detects brand impersonation hosted on legitimate platforms like Google Docs, Forms & SharePoint. How it works: 1. Page-level scanning identifies social engineering signals and brand impersonation 2. Clipboard hooks intercept write attempts before payloads reach your clipboard 3. Form analysis detects credential harvesting on unofficial domains 4. If the threat scores above threshold, a warning overlay is displayed 5. You choose: leave the site, whitelist it, or continue at your own risk Privacy first: All detection runs 100% on-device. No telemetry, no cloud lookups, no data collection. Your browsing activity stays entirely in your browser. Validated against 56,000+ real-world phishing URLs from PhishTank and 5,000+ ClickFix domains from ThreatFox. Currently in public testing — if you find a bypass, please report it so detection can keep improving.