APT24 Uses BADAUDIO Malware in Three-Year Espionage Campaign

Cyber Security News by CyberSum.net
A threat actor known as APT24 has been using a previously undocumented malware called BADAUDIO to establish persistent remote access to compromised networks. The campaign, which has been ongoing for nearly three years, initially relied on broad strategic web compromises but has recently shifted to more sophisticated vectors, including supply chain attacks and targeted phishing campaigns. The malware is highly obfuscated and uses control flow flattening to resist reverse engineering. APT24 has compromised over 20 legitimate websites and a regional digital marketing firm to deliver BADAUDIO, which acts as a first-stage downloader capable of executing encrypted payloads from command and control servers.