How does Invoke-PSImage embed a PowerShell payload into a PNG image without affecting normal viewing?

Invoke-PSImage uses a form of steganography that replaces the lower 4 bits of the Green and Blue color components of each pixel with parts of the payload. Each pixel stores one byte of data—the high and low nibbles of the payload byte go into the Blue and Green channels respectively, while the Red channel is used for random padding. This modifies the image slightly but keeps it visually recognizable. For a detailed breakdown of the embedding process, see the Invoke-PSImage Utilization Analysis article.