If you find bogus icon files, the first step you can take is to remove them all. A shortcut for finding them all is:grep “<php” *.ico
This will slow down any attack in progress that uses those files. However, you aren't out of the woods just by doing that. If such files are on your server, it's likely that other nasty stuff is there, and it may just regenerate those files. If you find malicious icon files on your website, you should definitely run a full scan for malware.
If resource-theft operations like crypto jacking are in progress, they don't directly affect the website other than degrading its performance. They can stay in place for a long time without being noticed. Users just wonder why the site is so sluggish.
A hostile code can hide in files with any harmless-looking extension. Icon files are an attractive choice because no one pays much attention to them. Unlike JPEG or PNG files, they normally aren't used in Web pages. The trick behind successful hacking is often just not to get noticed. Success in cybersecurity requires noticing everything.
To protect your website and remove this and other kinds of malware, we have created an All-in-one Website Protection Platform. In helps to increase cybersecurity and reduce IT costs. Everything you need to manage the cybersecurity risks - a website firewall, an incident response team to fix hacking, advanced malware scanning techniques, DNS/IP checkups, malware and blacklists removal, and advanced features to boost your business security online - all in one place. For more info and to sign up - ThreatSign Website Antimalware.