- NITDA has issued a nationwide warning over a new AI-powered malware called DeepLoad actively targeting Nigerian government agencies, banks, businesses, and individuals
- The malware can steal passwords, banking details, payment card information, and sensitive browser data
- The agency advised users not to paste commands from websites into their computers or open suspicious installer files from USB drives
The National Information Technology Development Agency has raised alarm over a new artificial intelligence-powered malware known as DeepLoad, warning that the cyber threat is actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.
The agency disclosed this in a critical advisory issued on Wednesday, May 6, through its Computer Emergency Readiness and Response Team (CERRT.NG) and shared via its official X account.
According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information, and evade conventional antivirus detection systems.
The agency explained that the malware spreads through deceptive website prompts that trick users into executing malicious commands on their computers.
“The malware is distributed through a social engineering technique involving fake website error,” the advisory stated.
The warning comes amid growing cyber threats against Nigeria’s digital infrastructure, with recent attacks reportedly targeting both private organisations and government agencies, including the Corporate Affairs Commission.
NITDA explained that once activated, the malware silently embeds itself within infected systems and begins harvesting credentials and sensitive information from major web browsers.
“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection,” the agency said.
The agency further warned that one of DeepLoad’s most dangerous capabilities is its persistence mechanism, which allows the malware to remain active even after apparent removal attempts.
“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” it stated.
NITDA stressed that the severity of the threat requires immediate action from organisations and individuals across the country.
“Given its severity and confirmed active targeting of Nigerian entities, all organizations and individuals must implement the protective measures outlined in this advisory immediately,” the agency added.
According to the advisory, individuals, government institutions, small businesses, and large enterprises are all vulnerable to the rapidly evolving cyber threat posed by DeepLoad.
NITDA warned that a successful infection could grant cybercriminals unauthorised access to bank accounts, mobile money services, payment cards, passwords, documents, and other sensitive information stored on web browsers. The agency added that stolen data could be used for identity theft and financial fraud.
For organisations, DeepLoad infections could result in operational disruptions, forcing complete system isolation and remediation processes. NITDA also warned that attacks on government systems could compromise classified networks and pose risks to national security.
As part of its preventive recommendations, the agency advised Nigerians never to paste commands from websites into their computers, noting that legitimate software providers do not request such actions.
The agency also warned users against opening suspicious files such as “Chrome Setup” or “Firefox Installer” from USB drives and urged them to scan all external storage devices with antivirus software before use.
NITDA further recommended enabling two-factor authentication on critical accounts and avoiding storing banking passwords directly on web browsers.
For organisations, the agency advised companies to immediately sensitise staff about the DeepLoad threat, enable PowerShell Script Block Logging across Windows systems, and review browser extensions for unauthorised installations.
The advisory also recommended blocking malicious domains, including holiday-updateservice[.]com, forest-entity[.]cc, and hell1-kitty[.]cc, at firewall and DNS levels.
Additionally, organisations were urged to check for hidden WMI Event Subscriptions that could allow the malware to survive standard cleanup procedures.
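The two host-side checks the advisory names for organisations, PowerShell Script Block Logging and hidden WMI Event Subscriptions, can be audited with a short read-only script. This is an added example, not part of the NITDA advisory; the function names are hypothetical, and the script changes nothing on the host.

```powershell
# Added example (not from the advisory): read-only audit of two controls it names.
# Function names are hypothetical. Run from an elevated PowerShell session.

function Get-ScriptBlockLoggingState {
    # Group Policy value that enables Script Block Logging; once on, script
    # content is recorded as event ID 4104 in Microsoft-Windows-PowerShell/Operational.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $val = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Enabled  = ($null -ne $val -and $val.EnableScriptBlockLogging -eq 1)
    }
}

function Get-WmiPermanentSubscription {
    # A permanent subscription is three linked objects in root\subscription:
    # __EventFilter (trigger query), an __EventConsumer subclass (action),
    # and a __FilterToConsumerBinding joining the two.
    $ns        = 'root/subscription'
    $filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
    $consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
    $bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

    foreach ($b in $bindings) {
        $class = $b.Consumer.CimSystemProperties.ClassName
        $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name } | Select-Object -First 1
        $c = $consumers | Where-Object {
            $_.Name -eq $b.Consumer.Name -and $_.CimSystemProperties.ClassName -eq $class
        } | Select-Object -First 1
        [pscustomobject]@{
            Filter        = $b.Filter.Name
            Query         = $f.Query
            ConsumerClass = $class
            Consumer      = $b.Consumer.Name
            # Populated only for the consumer types that run something:
            CommandLine   = $c.CommandLineTemplate   # CommandLineEventConsumer
            ScriptText    = $c.ScriptText            # ActiveScriptEventConsumer
        }
    }
    # Filters left without a binding can be leftovers of a partial cleanup.
    $bound = $bindings | ForEach-Object { $_.Filter.Name }
    $filters | Where-Object { $_.Name -notin $bound } | ForEach-Object {
        [pscustomobject]@{ Filter = $_.Name; Query = $_.Query; ConsumerClass = '(unbound)' }
    }
}

Get-ScriptBlockLoggingState
Get-WmiPermanentSubscription | Format-List
```

The script inspects only the root\subscription namespace and does not judge entries; any CommandLineEventConsumer or ActiveScriptEventConsumer that the organisation cannot account for warrants review, and a repeat run several days after cleanup matches the advisory's warning about delayed reactivation.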
NITDA said institutions that suspect infections should immediately disconnect affected systems from the internet, change all passwords from clean devices, isolate compromised systems, activate incident response teams, and report incidents to the agency within 72 hours as required by law.
The latest warning adds to growing concerns over cyber attacks targeting Nigeria’s financial and digital infrastructure in recent months.
In April, the Nigeria Data Protection Commission warned about coordinated cyber threats targeting Nigeria’s financial systems and key digital infrastructure, urging organisations to strengthen their data protection architecture.
The warning also follows ongoing investigations into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities.
Similarly, the Corporate Affairs Commission temporarily shut down its website between April 17 and April 20, 2026, following reports that about 25 million documents may have been exfiltrated during a suspected cyber attack.
CAC suspends portal for 3 days amid reports of 25 million leaked documents
Meanwhile, TheRadar earlier reported that the Corporate Affairs Commission had announced a temporary shutdown of its online portal from April 17 to April 20, 2026, as it carries out scheduled maintenance and system upgrades.
The commission disclosed this in a public notice informing users that the platform may be unavailable throughout the maintenance period.
The planned shutdown comes amid reports of a cybersecurity incident affecting parts of the commission’s systems.
According to the commission, the maintenance exercise is intended to improve service delivery and enhance user experience.
