Researchers have unearthed a further Bitcoin virus amid warnings that CryptoShuffler had made a comeback, stealing over $140,000.

According to Russian news media resource RBC, Kaspersky and ESET antivirus researchers have discovered two apps which do not officially exist infecting users on Google Play.

The apps purport to be from cryptocurrency exchange Poloniex, despite Poloniex not actually having an app.

After download, users who enter login information find funds being stolen from their Poloniex accounts. So far, around 5,000 downloads have completed, the investigators warned.

“These two apps were trying to steal Poloniex credentials as well as gaining access to user emails,” ESET’s Lukas Stefanko said in a warning first issued last week.

The latest threat adds to the soup of malicious items currently targeting Internet users, leveraging Bitcoin as a weapon.

In addition to CryptoShuffler, which takes advantage of copy+paste tools to replace destination Bitcoin addresses, businesses last week continued to be held to ransom by new Bitcoin malware.

Bad Rabbit, which targeted major outfits in Russia, Ukraine and further afield, displayed similar characteristics to May’s WannaCry attack.

Stefanko meanwhile advised users to enable two-factor authentication as a matter of course to guard against falling prey to current or future hackers.