How can ancillary chunks like tEXt be used to hide payloads in PNG images, and what are the practical implications?

The `tEXt` chunk stores key-value text pairs (e.g., author, description). You can embed a payload (e.g., a shell command or malicious script) in the chunk data. Since viewers typically ignore unknown ancillary chunks, the image displays normally online. When the target downloads the image, a custom decoder extracts the payload from the PNG's chunk structure. This method is similar to techniques used in an interesting way of bypassing Windows Attachment Manager, where file format tricks evade security filters.