The National Information Technology Development Agency (NITDA) has issued a fresh cybersecurity warning over a dangerous AI-powered malware known as DeepLoad, which is reportedly targeting government agencies, banks, businesses, and individuals across Nigeria.
The agency disclosed the warning in a cybersecurity advisory shared on its official X account on Wednesday, urging organisations and computer users to stay alert and take immediate protective measures.
NITDA Raises Alarm Over Deadly AI Malware Targeting Nigerian government agencies, banks, businesses Source: UGC
The warning comes shortly after several Nigerian institutions reportedly suffered cyber incidents and unauthorised access attempts affecting platforms linked to organisations such as the Corporate Affairs Commission, the Economic and Financial Crimes Commission, Remita, and Sterling Bank.
How the DeepLoad malware operates
According to NITDA, DeepLoad is a new AI-enhanced malware strain actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.
The agency stated that cybercriminals are spreading the DeepLoad malware through fake website error messages designed to trick users into copying and pasting harmful commands into their computers.
NITDA stated that when the command is executed, the malware quietly installs itself on the victim's system and begins stealing sensitive information.
It stated: "Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection."
NITDA explained that the malware uses artificial intelligence to avoid detection by antivirus software, making it more difficult to identify and remove.
The agency also revealed that DeepLoad contains a hidden persistence feature based on Windows Management Instrumentation (WMI), allowing the malware to reactivate itself up to three days after users believe it has been removed.
Risks to banks, businesses, and government systems
NITDA warned that a successful DeepLoad attack could give criminals access to victims' bank accounts, mobile money platforms, and payment cards.
The agency said infected systems may also expose confidential documents, personal information, and stored login credentials, increasing the risk of identity theft and financial fraud.
For organisations, the malware could disrupt operations, force complete system shutdowns for cleanup, and potentially compromise sensitive government networks, posing a serious national security concern.
NITDA lists safety measures for Nigerians
To reduce the risk of infection, NITDA advised Nigerians never to paste commands from unknown websites into their computers, noting that legitimate software providers do not request such actions.
The agency also warned users against opening suspicious files labelled "Chrome Setup" or "Firefox Installer" from USB drives and urged them to scan external devices with antivirus software before use.
NITDA further encouraged individuals and organisations to activate two-factor authentication on important accounts and avoid saving banking passwords directly in web browsers.
The agency asked companies and public institutions to sensitise staff about the DeepLoad threat, remove unauthorised browser extensions, and strengthen internal cybersecurity monitoring systems.
It also recommended blocking suspicious domains linked to the malware, checking systems for hidden WMI event subscriptions, and disconnecting infected devices from the internet immediately if an attack is suspected.
According to the agency, organisations are expected to report any suspected DeepLoad incidents to NITDA within 72 hours in line with existing cybersecurity regulations.
