DDoS:Win32/Dofoil.A is a trojan that connects to a remote website to download and execute arbitrary files. It may also receive instructions from the remote server to perform distributed denial-of-service (DDoS) attacks against certain websites.

On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign