Disclosed herein are systems and method for automated malicious code replacement. In one exemplary aspect, a method may comprise scanning for malicious content in a file comprising a script written in an interpretable programming language, wherein the malicious content triggers malicious activity on a computing device that stores the file. The method may comprise detecting a malware injection in the file based on the scanning, wherein the malware injection comprises at least one operator that enables the malicious activity. The method may comprise identifying a benign operator that can replace the at least one operator to prevent execution of the malicious activity without causing a syntax error. The method may comprise updating the file by replacing the at least one operator with the benign operator.