
NITDA raises alarm over AI malware DeepLoad


The National Information Technology Development Agency has issued a warning over a new AI-driven malware called DeepLoad, saying it is actively targeting government institutions, financial organisations, businesses, and individuals in Nigeria.

In an advisory released on May 6 through its Computer Emergency Readiness and Response Team and posted on its official X account, the agency described the threat as critical and urged heightened vigilance.

The alert comes amid a rise in cyberattacks on Nigerian organisations, including banks and public agencies such as the Corporate Affairs Commission.

According to NITDA, DeepLoad is an AI-enhanced malware designed to infiltrate computer systems, steal sensitive data, and bypass traditional antivirus protections.

The agency noted that it spreads through deceptive website prompts that lure users into unknowingly running malicious commands on their devices.

“The malware is distributed through a social engineering technique involving fake website error,” the advisory stated.

NITDA also stated that once activated, the malware quietly installs itself on infected systems and begins extracting credentials and other sensitive data, particularly from popular web browsers.

“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection,” the agency said.

The advisory highlighted that one of DeepLoad’s most concerning traits is its persistence, allowing it to survive even after removal attempts.

NITDA explained that the malware leverages a hidden Windows Management Instrumentation (WMI)-based mechanism that can reinfect systems days after it appears to have been eliminated.

“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” it stated.
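Because the infection can return after apparent removal, cleanup has to include a review of WMI. The following read-only check is an added example, not part of the NITDA advisory, and it assumes the mechanism uses permanent WMI event subscriptions in the `root/subscription` namespace, which the advisory as quoted here does not specify:

```powershell
# Added example: review permanent WMI event subscriptions on one host.
# Run from an elevated PowerShell session. Read-only: nothing is changed.
$ns = 'root/subscription'   # assumed location; the advisory does not name one

$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

$report = foreach ($b in $bindings) {
    # A binding holds references; resolve them to the full objects by Name.
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
    $type = if ($c) { $c.CimSystemProperties.ClassName } else { '(consumer not found)' }

    [pscustomobject]@{
        Filter       = $b.Filter.Name
        Query        = $f.Query          # the event that triggers the consumer
        Consumer     = $b.Consumer.Name
        ConsumerType = $type
        # Only these two standard consumer types run a command or a script.
        Action       = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
        RunsCode     = $type -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
    }
}

# Show code-running subscriptions first so they are reviewed first.
$report | Sort-Object RunsCode -Descending | Format-List
```

A stock Windows install normally shows only the built-in SCM Event Log Filter and SCM Event Log Consumer pair. Any entry with `RunsCode` set to `True` should be traced to known management software before a cleanup is declared complete.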

The agency cautioned that the seriousness of the threat calls for urgent action from both organisations and individual users.

“Given its severity and confirmed active targeting of Nigerian entities, all organizations and individuals must implement the protective measures outlined in this advisory immediately,” NITDA added.

NITDA stated that the DeepLoad malware poses a risk to a wide range of targets, including individuals, government institutions, large corporations, and small businesses, as it continues to evolve rapidly.

According to the agency, a successful DeepLoad infection could give cybercriminals unauthorised access to bank accounts, mobile money platforms, and payment cards.

It can also extract passwords, documents, and other sensitive personal data stored in web browsers.

NITDA warned that the stolen information may be used to commit identity fraud, allowing attackers to impersonate victims for financial exploitation.

For organisations, the agency added that infections could result in operational disruptions, often requiring full system isolation and extensive remediation efforts.