Phishing scammers are going after people hoping to claw some of their money back from the MtGox collapse.

Researchers with computer security biz Cyren have spotted a new round of spam messages claiming to originate from Kraken, the exchange that is heading up efforts to pay out Bitcoins recovered from the MtGox implosion.

The messages redirect users to a Google Docs page claiming to host an update on the status of Bitcoin recovery claims.

The document, however, is actually an executable file that delivers a Windows trojan (W32/Trojan5.NRB), which, according to Cyren, then looks for any local Bitcoin wallets it can plunder.

Let's try and recap this Inception-esque scheme: people who were relieved of their Bitcoins in a baffling turn of events are now getting scammed out of their Bitcoins by another group that is pretending to be the group trying to refund the money lost by MtGox.

The emails lead to a Google Docs download page [Image via Cyren]

In theory, a MtGox victim would get the spam message and follow the link to what they believe is a claims update on their lost MtGox Bitcoins. Instead, they would launch a malware payload that steals their current Bitcoins.

How the malware would look on a desktop [Image via Cyren]

Needless to say, users should avoid clicking on any links from untrusted and unsolicited emails, and should definitely avoid launching any executables.

Those who did lose their Bitcoins in the MtGox collapse can check the status of their claim through the Kraken-run claims portal. ®