The Facebook messaging app is being used to spread a nasty encryption virus.

Here’s how it works.

The target receives a message via the Facebook messaging app.

The message contains an image file ending with the extension .svg, which stands for Scalable Vector Graphics. Attackers use this type of file because it can contain executable code. In this case, the image file may contain an encryption virus designed to spread throughout your system, encrypting your personal data. Once you are infected, the only way to decrypt the files is to pay a ransom to the attackers in exchange for the means to decrypt your computer.

Furthermore, the image, once clicked, directs the victim to a web page that mimics YouTube. There the user will be told to download an extension in order to view the video on the page. The extension then embeds code in your browser that allows the attackers to access your Facebook profile and spread the virus to all your friends.

There is an easy way to avoid getting infected. If you receive a message containing an image file, DO NOT click on it, even if you know and trust the person who presumably sent it to you.

This type of attack is referred to as social engineering, because it relies on manipulating human behavior to carry out the attack. The best defense in this case is education. So spread the word to your friends and family. Be aware of images cropping up in your Facebook Messenger app, and do not click!