According to Karsten Hahn, this malware is actually written in JPHP, but it can be treated similarly to .class files produced by Java. IceRat has been observed to carry out information stealing and mining.
2020-12-01 ⋅ Gdata ⋅ IceRat evades antivirus by running PHP on Java VM
There is no YARA signature yet.