Github copilot adding viruses to code #181817
Replies: 7 comments
-
GitHub Copilot cannot install software or infect your machine by itself — it only generates code suggestions. If Copilot referenced something called “evogen,” that was just text in a suggestion, not something that executed automatically. What to do:
Copilot can sometimes hallucinate package names or unsafe examples, so its output should always be reviewed before use. If no code was executed, there is very likely no risk to your system.
-
To add to @itsrakesshchauhan's excellent response: Copilot cannot install viruses. Here's why:

| What Copilot Does | What Copilot Cannot Do |
| -- | -- |
| Suggests code as text | Execute code on your machine |
| Autocompletes based on patterns | Install packages automatically |
| Generates code snippets | Access your file system |

What likely happened: Copilot may have suggested code that references a package name like "evogen" - this is a hallucination (making up package names that sound plausible but may not exist or could be malicious if they do exist).
Action items:
Best practice: Always review Copilot suggestions before accepting, especially:
You're safe as long as you didn't execute the suggested code! 👍
-
🕒 Discussion Activity Reminder 🕒
This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one of the following actions:
1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as
2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.
3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.
Note: This dormant notification will only apply to Discussions with the
Thank you for helping bring this Discussion to a resolution! 💬
-
That definitely sounds worrying, and you’re right to be cautious here. The first thing to clarify is that GitHub Copilot itself does not run or install anything on your machine; it only suggests code. Nothing becomes dangerous until it’s actually executed or compiled in a context where it can do harm.
If Copilot suggested something that looks like a known piece of malware (like “evogen”), I would do the following:
- Do not run or build that code at all. If you already did, disconnect from the network and run a full scan with a reputable antivirus/antimalware tool.
- Remove the suspicious code from your project and check your commit history to make sure it isn’t stored in any branches you plan to deploy.
- If this happened in a work/enterprise environment, notify your security team so they can review logs and monitor for any unusual activity.
As a general rule, treat AI‑generated code like any code copied from the internet: review it carefully, run security scans (static analysis, dependency scanners, etc.), and never blindly execute it—especially if it touches the filesystem, network, or process management.
If you still have the exact prompt and generated snippet, it’s worth reporting it to GitHub Support so they can investigate and, if needed, add additional safeguards around that pattern.
-
AI is experimenting with self-replication
-
Select Topic Area
Question
Body
Today, GitHub Copilot tried to add evogen, which is a type of virus that installs other types of viruses and malware to your device. What do I do now?