Beauty and the Beast! Cryptocurrency mining malware is being hidden in click-bait pictures. This is another way to attackers to potentially compromise victims that ultimately download the mining program which will direct financial benefits to the attacker. Behavioral hacks aren't going away anytime soon.
Security researchers at Imperva have identified a campaign in which attackers append malicious binary code into a picture which leverages SQL to be extraced and executed. The code was found embedded in a picture of Scarlett Johansson on a public image site, and initiated cryptocurrency Monero mining malware.
Imperva's full technical breakdown can be read here: https://www.imperva.com/blog/2018/03/deep-dive-database-attacks-scarlett-johanssons-picture-used-for-crypto-mining-on-postgre-database/
Expect crypto-mining malware to use every known method in the attackers playbook to find victims: spam, phishing, infected websites, malicious ads, office attachments, worms, fake patches, trojan apps, etc.
Everything.