A new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil with over 10,000 installations from the official Google Play Store alone.

Kaspersky Labs researchers witnessed the malware starting to make rounds during that country’s 2018 election and found the malware has credential stealing, keylogging, screen recording, SMS interception, payment card and financial information stealing features, according to an April 4, blog post.

The campaigns new URLs redirect victims to the either the Google Play Store or a third-party website hosting malicious APK packages. Researchers noted the number of targeted banking applications is quite significant and included the likes of several Brazilian financial institutions, Spotify, YouTube, and Netflix.

BasBanke is luring users under the guise of QR reader apps or imitation travel agency apps offering phony deals all of which are advertised via Facebook and WhatsApp messages.