For future reference: Always check the urls in Google webmaster tools under the 'fetch as googlebot' section and look for the keywords in the raw code googlebot sees. Malicious code is often only displayed to search engines and not direct users so it may be hiding from you.
Another option to avoid getting those keywords would be to use Google's image maps instead of embedding them. The map is displayed on your site as a normal .jpg image. If you don't need visitor interaction with the map this is the way to go although some interaction is possible if you link the image to the traditional map url.
read more: https://developers.google.com/maps/documentation/imageapis/