The malware samples we analyzed attempt to locate a mu binary in the default su directories," explains the Kaspersky report. "This indicates an effort to evade root detection on the victim's device.