I think you mean “Steganography”, where a file is imbedded in a graphic file without it overtly affecting the appearance of the graphic.
The file that is steganographically embedded in a graphic file could be text, a spreadsheet, an audio recording, a video - literally anything. But the bigger the embedded file, the greater the chance of the graphic file containing it becoming distorted or visually affected.
To view or extract the embedded file, you need to
[ol]- open it in a steganographic application (usually it has to be the app that was used to create the steganographic image)
know the decryption/extraction method (generally a keyphrase known to both the sender and the recipient)[/ol]
It is highly unlikely that anyone would use stegonagraphy to embed a virus in an image. One of the primary aims of malware authors is to ensure that their malware can infiltrate a system with the absolute minimum of user intervention (none if at all possible). Steganography is most commonly used to discretely pass information between two parties known to each other for a common purpose. I’ve never heard of steganography being used as a malware infection vector.
Until you have done both steps 1 and 2, it’s just a file, albeit one with an extra file stuffed inside it which you would never know about until you do steps 1 and 2. You’d only do steps 1 and 2 if you knew about the embedded file in the first place.
The data segment embedded steganographically in an image is inert (i.e. non-executable) until, and ONLY until, it is manually extracted by 1) opening the image in the steganographic application that created it and then 2) applying the encryption key or passphrase that was used to embed it.
Once steps 1 and 2 have successfully completed, the embedded data segment can be extracted and saved as a discrete file of some sort, totally separate from the container file it was originally embedded in.
Data that has been steganographically embedded is intended for a specific recipient - it is only useful to the person that knows the stego app and the passphrase for that particular stego enhanced file.
It is simply impossible for a steganographically embedded data segment to automatically unpack itself and perform voodoo on a random persons system.