Chinese state-backed group APT24 has been running a multi-year espionage operation built around a previously unknown malware strain known as BadAudio, steadily refining how it reaches victims and stays hidden. Analysis from Google's Threat Intelligence Group shows the campaign has been active since at least late 2022 and mixes classic spearphishing with watering-hole compromises and a large supply-chain intrusion that touched thousands of websites, all while focusing its efforts on carefully selected Windows systems.
The earliest activity tied to BadAudio involved compromising more than 20 legitimate public sites from different sectors between November 2022 and September 2025. APT24 injected custom JavaScript into these sites to fingerprint visitors and identify systems worth targeting. When a visitor met the criteria, the script triggered a fake software update prompt that delivered the BadAudio loader, while other users saw nothing unusual.
From July 2024, the group shifted to a higher-leverage tactic by repeatedly breaching a digital marketing company in Taiwan that supplies JavaScript libraries to client sites. In one phase, they modified a widely used library and registered a lookalike domain that spoofed a major content delivery network, allowing them to reach more than 1,000 domains through trusted supply chains. Later, from late 2024 through July 2025, they returned to the same vendor and hid obfuscated JavaScript inside a tampered JSON file that was pulled in by another script from that provider. In each case, the injected code profiled visitors and sent base64-encoded data back to attacker infrastructure, which then decided whether to respond with a next-stage URL.
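Two checks a site owner can run against the supply-chain pattern described above, as an added example that is not code from Google's report or from the campaign itself: flag script includes whose host merely resembles an approved CDN host, and verify that a resource served as JSON is valid JSON that carries no script-like strings. The host names and sample documents below are constructed.

```python
import json
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed allowlist: hosts this site is expected to load scripts from.
TRUSTED_HOSTS = {"cdn.example-cdn.invalid", "static.vendor.invalid"}

SCRIPT_SRC_RE = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
# Markers that should never appear inside a configuration JSON string.
JS_MARKERS = re.compile(r"eval\(|new Function\(|String\.fromCharCode|document\.")


def lookalike_hosts(html, trusted=TRUSTED_HOSTS, threshold=0.8):
    """Return (host, resembled_host, similarity) for script sources whose host
    is not allowlisted but closely resembles an allowlisted host."""
    findings = []
    for src in SCRIPT_SRC_RE.findall(html):
        host = urlparse(src).hostname  # handles protocol-relative "//host/x.js"
        if not host or host in trusted:
            continue
        for good in sorted(trusted):
            ratio = SequenceMatcher(None, host, good).ratio()
            if ratio >= threshold:
                findings.append((host, good, round(ratio, 2)))
    return findings


def json_carries_code(body):
    """True if a resource that should be plain JSON fails to parse or embeds
    JavaScript-looking strings anywhere in its values."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return True
    stack = [data]
    while stack:
        item = stack.pop()
        if isinstance(item, dict):
            stack.extend(item.values())
        elif isinstance(item, list):
            stack.extend(item)
        elif isinstance(item, str) and JS_MARKERS.search(item):
            return True
    return False


# Constructed sample page: one approved include, one from an "rn"-for-"m" lookalike.
SAMPLE_HTML = ('<script src="https://cdn.example-cdn.invalid/lib.js"></script>'
               '<script src="//cdn.exarnple-cdn.invalid/lib.js"></script>')
CLEAN_JSON = '{"theme": "dark", "locale": "en"}'
TAMPERED_JSON = '{"theme": "dark", "init": "(function(){eval(String.fromCharCode(1))})()"}'
```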
In parallel, starting around August 2024, APT24 used spearphishing emails that impersonated animal rescue groups to push BadAudio directly to targets. Some of these emails linked to payloads hosted on cloud platforms such as Google Drive and OneDrive instead of attacker-controlled servers. Many attempts were filtered into spam, but the messages often included tracking pixels so the operators could see when a recipient opened an email and refine their targeting.
BadAudio itself is built to frustrate analysis. Google’s researchers describe the loader as heavily obfuscated and designed to achieve execution through DLL search order hijacking, so that a legitimate application ends up loading the malicious component. Its code uses control flow flattening, breaking normal program logic into numerous small blocks coordinated by a dispatcher and state variable, which complicates both automated and manual reverse engineering.
Once running, BadAudio collects host data such as machine name, user name and architecture, encrypts it with a hard-coded AES key, and sends it to a fixed command-and-control address. If the operators choose to proceed, the malware downloads an AES-encrypted payload, decrypts it and runs it in memory via DLL sideloading. In at least one incident, that follow-up stage was a Cobalt Strike Beacon, although Google could not confirm that this tool was used across all intrusions. Despite three years of use, BadAudio has mostly slipped past antivirus detection: of eight samples shared by Google, only two are flagged by more than 25 products on VirusTotal, while the rest, including binaries created in December 2022, are detected by at most five engines. For Google, that combination of supply-chain reach, selective targeting and low visibility underlines APT24's ability to sustain persistent, adaptive espionage with a relatively small piece of well-hidden code.