A new trojan has been detected in the wild that conceals itself in a PNG image, according to a Thursday post on SecureList.

This type of attack – where the malicious payload is hidden in encrypted files – was first exposed several months ago in the U.S., but this new strain originates in Brazil.

The attack begins with a PDF attached to an email message that can deliver an executable or .ZIP file with the .pdf extension in the filename. Clicking downloads several files, including the common image format PNG file header.

SecureList researchers analyzing the binary recognized its size was unusual and identified the function that loads the PNG files to the memory, which then leads to decrypting and executing the extracted binary.

Be wary of emails from unknown sources, especially those containing links and attached files, SecureList advised.