Hackers are targeting the classified advert board Craigslist with fake job offers leading to malware drops, according to security firm Blue Coat.
Victims are lured to the phoney job site bookhvy.com with promises of a job application for companies such as Samsung, before being exploited with a malware download.
Chris Larsen, malware researcher at Blue Coat, said: "It appears that the bad guys running this scam were using a variety of methods, including Google searches, to drive traffic to bogus ads on Craigslist.
"The attack has been running for about two weeks, and has attracted about 50 visitors in our customer base, 16 of whom were deceived enough to click on the button to get the download."
Blue Coat found more than 600 adverts on Craigslist that linked to bookhvy.com, pitching a variety of jobs across the United States.
Though some English mistakes were noticeable on the fraudulent site, the appearance was clean and plausible enough to trick some victims.
Larsen noted that the malware drop carried the .scr extension, which is legitimately used for Windows screensavers but has also become common among hackers delivering viruses.
Craigslist has been contacted for comment by CBR.