From zdnet.com
Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. The analysis makes a strong case for why it is worth removing the malware from your network.
This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: letting its malware retain exclusive access to a compromised network for as long as possible.
While crypto-mining malware could be just a nuisance, LemonDuck's attributes suggest the attacker group really does try to own compromised networks by disabling anti-malware, removing rival malware, and even automatically patching vulnerabilities, a competitive effort to keep rival attackers from feeding off its turf.