Nigeria’s cybersecurity agency, the National Information Technology Development Agency (NITDA), has raised alarm over a new artificial intelligence-powered malware known as “DeepLoad,” warning that the cyber threat is actively targeting Nigerian government agencies, financial institutions, businesses and individuals.
The agency disclosed this in a critical advisory issued on May 6 through its Computer Emergency Readiness and Response Team (CERRT.NG) and shared via its official X account.
The warning comes amid a growing wave of cyber-attacks targeting Nigerian organisations, including private institutions such as banks and government agencies like the Corporate Affairs Commission (CAC).
According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information and evade conventional antivirus detection systems.
“The malware is distributed through a social engineering technique involving fake website error,” the advisory stated.
NITDA explained that the malware spreads through deceptive website prompts that trick users into executing malicious commands on their computers.
“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection,” the agency said.
The agency further warned that one of the most dangerous features of the malware is its ability to remain active even after attempted removal.
“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” it stated.
NITDA stressed that the severity of the threat requires immediate action from both organisations and individuals across the country.
“Given its severity and confirmed active targeting of Nigerian entities, all organizations and individuals must implement the protective measures outlined in this advisory immediately,” the agency added.
The agency warned that individuals, government institutions, businesses, large organisations and small enterprises are all vulnerable to the rapidly evolving cyber threat posed by DeepLoad.
According to NITDA, a successful DeepLoad infection could grant cybercriminals unauthorised access to bank accounts, mobile money services and payment cards, while also enabling the theft of passwords, documents and sensitive personal information stored on web browsers.
The agency warned that the stolen information could be exploited for identity fraud, allowing criminals to impersonate victims for financial gain.
For organisations, NITDA said infections could trigger operational disruptions requiring complete system isolation and remediation procedures. It added that attacks on government systems could compromise classified networks and pose broader national security risks.
To prevent infections, NITDA advised Nigerians never to paste commands from websites into their computers, noting that legitimate software providers do not request such actions.
The agency also cautioned users against opening suspicious files such as “Chrome Setup” or “Firefox Installer” from USB drives and advised that all external storage devices be scanned with antivirus software before use.
NITDA further recommended enabling two-factor authentication on important accounts and avoiding the storage of banking passwords directly on web browsers.
For organisations, the agency urged companies to immediately sensitise staff about the DeepLoad threat, enable PowerShell Script Block Logging across Windows systems and review browser extensions for unauthorised installations.
The advisory also recommended blocking malicious domains, including holiday-updateservice[.]com, forest-entity[.]cc and hell1-kitty[.]cc, at firewall and DNS levels.
Additionally, organisations were advised to check for hidden WMI Event Subscriptions that could allow the malware to survive standard cleanup procedures.
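The two host-level checks the advisory names for organisations, Script Block Logging and hidden WMI Event Subscriptions, can be run from PowerShell as sketched below. This is an added example and not part of the NITDA advisory; the function names are illustrative, the registry path is the Windows PowerShell policy key, and the script reads state only.

```powershell
# Added example (not from the NITDA advisory). Run elevated on the host under review.

function Test-ScriptBlockLogging {
    # Policy value for Windows PowerShell; when set to 1, script blocks are
    # recorded as event ID 4104 in Microsoft-Windows-PowerShell/Operational.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $p = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.EnableScriptBlockLogging -eq 1)
}

function Get-WmiSubscriptionReport {
    param([string]$Namespace = 'root/subscription')

    # A permanent subscription is three linked objects: a filter (the trigger
    # query), a consumer (the action) and a binding that joins the two.
    $filters   = @(Get-CimInstance -Namespace $Namespace -ClassName __EventFilter)
    $consumers = @(Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer)
    $bindings  = @(Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding)

    foreach ($b in $bindings) {
        $class = $b.Consumer.CimSystemProperties.ClassName
        $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name } | Select-Object -First 1
        $c = $consumers | Where-Object {
            $_.Name -eq $b.Consumer.Name -and $_.CimSystemProperties.ClassName -eq $class
        } | Select-Object -First 1

        # Consumers that run a command line or a script are reviewed first.
        $action = switch ($class) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { '' }
        }

        [pscustomobject]@{
            Filter        = $b.Filter.Name
            Query         = $f.Query
            ConsumerClass = $class
            Consumer      = $b.Consumer.Name
            Action        = $action
            Executes      = $class -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
        }
    }
}

"Script Block Logging enabled: $(Test-ScriptBlockLogging)"
Get-WmiSubscriptionReport | Sort-Object Executes -Descending | Format-List
```

A default Windows installation typically carries an `SCM Event Log Filter` bound to an `NTEventLogEventConsumer`; any other entry should be matched against known management software or a baseline taken from a clean machine.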
NITDA said institutions that suspect infections should immediately disconnect affected systems from the internet, change all passwords from clean devices, isolate compromised systems, activate incident response teams and report incidents to the agency within 72 hours as required by law.
The latest warning has added to growing concerns over cyber attacks targeting Nigeria’s financial and digital infrastructure in recent months.
In April, the Nigeria Data Protection Commission (NDPC) warned about coordinated cyber threats targeting Nigeria’s financial systems and critical digital infrastructure, urging organisations to strengthen their data protection architecture.
The warning also followed the commission’s announcement of an investigation into an alleged data breach involving Remita Payment Services, Sterling Bank and other entities.
Similarly, the Corporate Affairs Commission temporarily shut down its website between April 17 and April 20, 2026, following reports that about 25 million documents may have been exfiltrated during a suspected cyber attack.
Boluwatife Enome
