At this point in time it appears that this is pretty much all it does. It is unsure why they would even want the user’s credentials since not much can be gleaned by logging into the user’s account, not even credit card information since only the last four digits of the credit card is displayed at all times. It has been suggested that perhaps this is just a trial run by the developers of this bogus app for something a little more malicious in the future, such as bogus mobile banking app.
Symantec seems to think that the reason why this bogus app has been making its round is due to Netflix releasing their official app earlier this year for select Android handsets only, and only recently publishing its app with additional device support. This gap in release, combined with many users interested in getting their hands on the app might have explained the reason why so many people may have fallen prey to this bogus app.