Unfortunately, Android users need to be increasingly vigilant when it comes to non-Market apps and hacks. Nowhere is this more true than with unofficial versions of the Netflix app. Security firm Symantec has documented a fake version of the video streaming app that steals users’ login data in a nasty Trojan exploit.

Netflix recently expanded its video streaming app to all Android devices running 2.2 Froyo and above. Unfortunately, that still leaves almost 15% of Android phones and tablets out of the loop, and various custom versions of the Netflix app have been circulating to try to circumvent the limitation. There are also the apps for formerly unsupported devices that can be found on user forums all over the Internet. With all these app versions (not to mention unsatisfied Netflix customers) floating around, it’s no surprise that an enterprising hacker has devised a new vector for password theft.

The app is a pretty good approximation of the Netflix login screen – you can see the differences in Symantec’s illustration above. What’s even more dangerous is the fact that many people share logins and passwords across multiple sites, making this sort of scam a minefield for identity theft. (You don’t do that, right?) Remember: if your phone uses Android 2.2 or higher, there’s no reason NOT to download Netflix from the Android Market. And as always, never download and install an APK from a source that you don’t fully trust.

[via Cnet]