Published Mar 06, 2018|Updated Mar 08, 2018


Severe |Detected with Windows Defender Antivirus

Aliases: No associated aliases


Windows Defender Antivirus  detects and removes this threat.

This sophisticated downloader has been observed to download Trojan:Win32/Dofoil.AB and Trojan:Win32/CoinMiner.D in the wild. It injects its code and runs hidden in system programs to avoid detection. 

On March 6, 2018, behavior monitoring and machine learning technologies in Windows Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign



Latest news