Iframe injection is a new way to embed malicious code from another site into your own. Attackers use the iframe tag to embed content in a PNG image. They place the payload out of view via the elm.style.position.left and.top elements, positioning the image at -1000px.position. The payload is embedded in the meta of the image, and just like that we have a new distribution mechanism. The attacker obfuscated the payload inside a PNG file. This is unique in the level of level of effort being taken to obfuscate the payload.”]
Source: https://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html