Andrea Fortuna in a recent blog post is reporting a new attack vector being used to distribute a particularly nasty ransom ware virus (Nemucod) via svg images sent on Facebook Messenger.

If you receive an image with a .svg extension via messenger DO NOT CLICK ON IT.

Andrea has a fantastic run down on how this works.

The message contains just an image with a .svg extension sent automatically thereby avoiding the Facebook file testing that is normally done.

This again reaffirms that you MUST NOT trust anything you are sent from an unknown source via any means.