If the malware roots the device, probably not, but if it takes read.sms permissions, it should only get ciphertext. if it replaces the main SMS messenger, then it breaks, but you'd know.
I just did a rough threat model on this exact scenario and worked with the assumption that Signal's MasterSecret covered it in the sms DB - but haven't done a thorough code review yet.