Even Internet Explorer 7 has gotten in on the PNG transparency act, which means designers can take advantage of sophisticated things like gradients or faded images. But there’s one problem.

Researchers have discovered a relatively new way to distribute malware that relies on reading malicious obfuscated JavaScript code stored in a PNG file’s metadata to trigger iFrame injections.