I have the impression that this a rather new development. I'm not sure of the scale of the threat, or how well anti-virus software is prepared to cope with it.
It's not a new development at all. Basically how it works is, the EXIF tags (which can contain any text the author of the image wants) of an image on the web server contain PHP code. Normally, this wouldn't be a problem, since the PHP server should never treat EXIF tags (or any other arbitrary text read from an external file) as code to be executed by the server. But the PHP code on the server contains a function which can indeed treat arbitrary text as code to be executed, and the EXIF tags were (stupidly) fed to this function despite it being well-known that such functions should
never be allowed to operate on external data without safeguards for
exactly this reason. This allows whoever created the image to execute whatever code they want on the web server and basically take full control over it.
Anti-virus software won't help, since it's not a virus - it's just ordinary text in a location where ordinary text normally exists. The real threat comes from poorly-written PHP code treating this text as though it were code. Anti-virus software can't protect against stupidity.
