In the past, security researchers have encountered cases where notorious hackers used EXIF image data to hide malicious code. This technique is still widely used to infect web users with malware.
Going one step further, hackers have found a way to distribute malware through Google's reputable servers, such as googleusercontent. Unlike malware stored in text files, malicious payloads in images are much harder to detect. In addition, it is even harder to report malware hosted on googleusercontent.com to Google.
For those who do not know, googleusercontent is the Google domain used to serve user-provided content without affecting the security of Google's own pages.
According to Sucuri's report, the following code was detected in a script that extracts the PayPal security code:
The script reads EXIF data from a googleusercontent image, which was probably uploaded by someone to a Google+ or Blogger account. When the UserComment section of the EXIF data was decoded, it turned out to be a script capable of uploading a web shell and arbitrary files.
This indicates a greater threat, as there is no way to detect the malware until the image metadata is scanned and decoded. Even after the malware has been found, one cannot know the real source of the image.
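
The metadata scan described above can be sketched as follows. This is an added example, not code from the original article or from Sucuri: it extracts the EXIF UserComment from a JPEG and flags it when the raw or base64-decoded value looks like PHP code. The base64 encoding, the marker list in `SUSPICIOUS`, and the two sample images are assumptions constructed for this illustration.

```python
import base64, contextlib, re, struct
# Assumed, non-exhaustive markers of PHP dropper code.
SUSPICIOUS = re.compile(rb"<\?php|eval\s*\(|base64_decode|gzinflate|move_uploaded_file", re.I)

def _ifd(tiff, off, e):
    """Yield (tag, type, count, value) for each 12-byte entry of one IFD."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    for i in range(n):
        yield struct.unpack_from(e + "HHII", tiff, off + 2 + 12 * i)

def user_comment(jpeg):
    """Return the EXIF UserComment (tag 0x9286) bytes of a JPEG, or None."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        if marker == 0xDA:  # start of scan: metadata segments are over
            break
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            tiff = jpeg[pos + 10:pos + 2 + size]
            e = "<" if tiff[:2] == b"II" else ">"
            for tag, _, _, sub in _ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e):
                if tag == 0x8769:  # pointer to the Exif sub-IFD
                    for t, _, cnt, off in _ifd(tiff, sub, e):
                        if t == 0x9286:  # skip the 8-byte charset prefix
                            return tiff[off + 8:off + cnt]
        pos += 2 + size
    return None

def scan(jpeg):
    """Return (verdict, text), checking the raw comment and its base64 decoding."""
    try:
        raw = user_comment(jpeg) or b""
    except struct.error:
        return "malformed", b""
    candidates = [raw]
    with contextlib.suppress(ValueError):  # not base64: inspect raw bytes only
        candidates.append(base64.b64decode(raw.strip(b"\0 "), validate=True))
    hit = next((c for c in candidates if SUSPICIOUS.search(c)), None)
    return ("suspicious", hit) if hit else ("clean", raw)

def make_sample(comment):
    """Constructed JPEG: SOI, one APP1/EXIF segment with only a UserComment, EOI."""
    data = b"ASCII\0\0\0" + comment
    tiff = (b"II*\0" + struct.pack("<I", 8)
            + struct.pack("<HHHII", 1, 0x8769, 4, 1, 26) + b"\0" * 4
            + struct.pack("<HHHII", 1, 0x9286, 7, len(data), 44) + b"\0" * 4 + data)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\0\0" + tiff + b"\xff\xd9"
SAMPLE_BAD = make_sample(base64.b64encode(b"<?php /* constructed placeholder */ ?>"))
SAMPLE_OK = make_sample(b"Holiday photo, constructed sample")
```

A "clean" verdict only means none of the assumed markers matched; a scanner used in practice would also need to cover other metadata fields and encodings.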