Systematic Categorization, Construction and Evaluation of New Attacks against Multi-modal Mobile GUI Agents

📅 2024-07-12
🤖 AI Summary
Problem: Security vulnerabilities in multimodal mobile GUI agents (e.g., Mobile-Agent, MM-REACT) have not been systematically explored. Method: We propose the first threat modeling framework tailored for multimodal GUI agents, integrating formal threat modeling, cross-modal adversarial example generation, and GUI automation-based interaction testing on a hybrid platform of real devices and emulators. Contribution/Results: Our empirical study identifies and validates 34 novel cross-modal attacks targeting critical weak points in the vision–language collaborative decision-making pipeline. The attacks achieve an average success rate of 86.3% across mainstream mobile systems, demonstrating their practical feasibility and broad applicability. Additionally, we release a reproducible attack evaluation framework and a large-scale screenshot–instruction pair dataset, establishing both methodological foundations and empirical benchmarks for security research on multimodal intelligent agents.

📝 Abstract
The integration of Large Language Models (LLMs) and Multi-modal Large Language Models (MLLMs) into mobile GUI agents has significantly enhanced user efficiency and experience. However, this advancement also introduces potential security vulnerabilities that have yet to be thoroughly explored. In this paper, we present a systematic security investigation of multi-modal mobile GUI agents, addressing this critical gap in the existing literature. Our contributions are twofold: (1) we propose a novel threat modeling methodology, leading to the discovery and feasibility analysis of 34 previously unreported attacks, and (2) we design an attack framework to systematically construct and evaluate these threats. Through a combination of real-world case studies and extensive dataset-driven experiments, we validate the severity and practicality of those attacks, highlighting the pressing need for robust security measures in mobile GUI systems.

Problem

Research questions and friction points this paper is trying to address.

Identifies security vulnerabilities in multi-modal mobile GUI agents.
Proposes a threat modeling methodology for discovering new attacks.
Designs a framework to construct and evaluate security threats.

Innovation

Methods, ideas, or system contributions that make the work stand out.

Novel threat modeling methodology for mobile GUI agents
Design of systematic attack framework for evaluation
Discovery and analysis of 34 new security vulnerabilities
Yulong Yang
Princeton University
Dynamics and Control, Physics Guided Deep Learning
Xinshan Yang
School of Cyber Science and Engineering, Xi’an Jiaotong University
Shuaidong Li
College of Cyber Science, Nankai University
Chenhao Lin
School of Cyber Science and Engineering, Xi’an Jiaotong University
Zhengyu Zhao
Xi'an Jiaotong University, China
Adversarial Machine Learning, Computer Vision
Chao Shen
School of Cyber Science and Engineering, Xi’an Jiaotong University
Tianwei Zhang
College of Computing and Data Science, Nanyang Technological University