My question is, say someone keylogged the smartphone (is this even possible?) you use to log in to an exchange. Is there a malware they may use to also get the code from the google authenticator that is also on the phone?
There is nothing technical to prevent malware from capturing clipboard contents or screenshots on computers or mobile phones. Whether or not such malware exists is always up for debate considering that the best malware can go undetected for long periods of time. Regarding the second question, it would depend on how Google authenticator works. For instance, if it uses direct communication over an encrypted channel and a deterministic rolling code, then perhaps there is no malware that can take advantage of that without Google's encryption first being hacked (for instance, by way of a stolen SSL certificate). On the other hand, based on this:
By the way, those secret codes are stored in plaintext so if you're rooted and install a rogue program - good luck.
I'd say malware that could get the GA codes on a rooted phone could certainly exist (assuming that quote is accurate). Malware that could get it on an factory phone may exist as well if there are any flaws that allow apps to access data that is supposed to be secured to other apps.
