Hackers are hiding malicious code inside the metadata fields of images hosted on Google’s official CDN (content delivery network), googleusercontent.com. The images hosted on this domain are usually photos uploaded to Blogger.com and the Google+ social network. The code contained in the metadata field was a Base64-encoded string that, when decoded multiple times, would end up being a script that could upload a predefined web shell on the compromised server, along with various other files.
Source: https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/
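
For defenders, the pattern described above (a long Base64 string sitting in image metadata and decoding through several layers) can be checked for directly. The following is an added example, not code from the article: the function names are hypothetical, the sample JPEG is constructed inline with a benign text payload, and the scanner looks at raw APPn/COM segment bytes rather than parsing individual EXIF tags.

```python
import base64, binascii, re, struct

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")   # long Base64-looking run
B64_FULL = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

def jpeg_metadata_segments(data):
    """Yield (marker, payload) for APPn/COM segments before the image scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):               # SOS / EOI: metadata is over
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                           # malformed length, stop walking
            break
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def decode_layers(blob, max_layers=5):
    """Base64-decode repeatedly while the result is still valid Base64."""
    layers = 0
    while layers < max_layers and B64_FULL.fullmatch(blob):
        try:
            blob = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            break
        layers += 1
    return layers, blob

def scan_jpeg(data):
    """Return one finding per Base64 run found in a metadata segment."""
    findings = []
    for marker, payload in jpeg_metadata_segments(data):
        for match in B64_RUN.finditer(payload):
            layers, final = decode_layers(match.group())
            if layers:
                findings.append({"marker": hex(marker), "layers": layers, "preview": final[:40]})
    return findings

def build_sample():
    """Constructed JPEG skeleton: APP1 body is not a full EXIF/TIFF structure."""
    text = b"constructed benign sample text, not a real payload"
    body = b"Exif\x00\x00" + base64.b64encode(base64.b64encode(text))
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\xff\xd9"

if __name__ == "__main__":
    print(scan_jpeg(build_sample()))
```

Hits are triage leads rather than verdicts; a run that decodes through more than one layer deserves a closer look than a single-layer one.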

