The malware is called TSPY_ZBOT.TFZAH, and doesn’t itself come through the images, but rather, once it’s already in place it uses the photos as a way of masking code that might otherwise be easier to spot. The malware itself arrives via the usual channels, through other malware or through visiting an infected site.
Once it’s in place, it will download the image without your knowledge. As Trend Micro explains:
Using steganography, the image contains concealed information for the malware, specifically of various banks to target. If the user then visits one of those bank websites, it intercepts login information, gaining them access to your bank account.
As for the images themselves, they’re popular and widespread photos of indeterminate origin, which further makes it easier to seem like something you might have once downloaded legitimately.