Blog Details

The National Information Technology Development Agency (NITDA) has raised alarm over a new artificial intelligence-powered malware known as DeepLoad, warning that the cyber threat is actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.

The agency disclosed this in a critical advisory issued on May 6 through its Computer Emergency Readiness and Response Team (CERRT.NG) and shared via its official X account.

The warning comes amid a growing wave of cyber-attacks targeting Nigerian organisations, including private institutions such as banks and government agencies like the Corporate Affairs Commission (CAC).

According to NITDA, DeepLoad is an AI-enhanced malware strain designed to infiltrate systems, steal sensitive information, and evade conventional antivirus detection systems. The agency explained that the malware spreads through deceptive website prompts that trick users into executing malicious commands on their computers.

NITDA further explained that once activated, the malware silently embeds itself within infected systems and begins harvesting credentials and sensitive information from major web browsers.

The advisory noted that one of the most dangerous features of the malware is its ability to remain persistent even after attempted removal. According to NITDA, DeepLoad uses a hidden Windows Management Instrumentation (WMI)-based mechanism capable of restoring the infection days later.

The agency warned that the severity of the threat requires immediate action from both organisations and individuals.

NITDA said individuals, government institutions, businesses, large organisations, and small enterprises are all vulnerable to the rapidly evolving cyber threat posed by DeepLoad.

The agency warned that the stolen data could be used for identity fraud, enabling criminals to impersonate victims for financial gain.

For organisations, NITDA said infections could lead to operational disruptions requiring complete system isolation and remediation processes. It also warned that attacks on government systems could compromise classified networks and pose risks to national security.

To prevent infections, NITDA advised Nigerians never to paste commands from websites into their computers, noting that legitimate software providers do not request such actions.

Additionally, organisations were urged to check for hidden WMI Event Subscriptions that could allow the malware to survive standard cleanup procedures.

NITDA said institutions that suspect infections should disconnect affected systems from the internet immediately, change all passwords from clean devices, isolate compromised systems, activate incident response teams, and report incidents to the agency within 72 hours as required by law.

The latest warning adds to growing concerns over cyber attacks targeting Nigeria’s financial and digital infrastructure in recent months.

The warning also came weeks after the commission announced an investigation into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities.

Similarly, the Corporate Affairs Commission temporarily shut down its website between April 17 and April 20, 2026, following reports that about 25 million documents may have been exfiltrated during a suspected cyber attack.