NITDA Raises Alarm Over AI-Powered Malware Targeting Nigerian Institutions

The National Information Technology Development Agency (NITDA) has issued a fresh warning over a dangerous artificial intelligence-powered malware known as DeepLoad, revealing that the cyber threat is actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.

The agency disclosed this in a critical advisory released on May 6 through its Computer Emergency Readiness and Response Team (CERRT.NG) and shared on its official X account.

The latest alert comes amid growing concerns over cyber attacks on Nigerian organisations, including banks and government agencies such as the Corporate Affairs Commission (CAC).

According to NITDA, DeepLoad is an advanced AI-enhanced malware designed to infiltrate systems, steal sensitive information, and evade traditional antivirus detection systems. The agency explained that the malware spreads through deceptive website prompts that manipulate users into executing harmful commands on their devices.

“The malware is distributed through a social engineering technique involving fake website error,” the advisory stated.

NITDA explained that once activated, DeepLoad silently embeds itself within infected systems and begins harvesting credentials and sensitive information from major web browsers.

“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection,” the agency said.

The agency further warned that one of the malware’s most dangerous capabilities is its persistence mechanism, which allows it to survive even after attempted removal.

“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” NITDA stated.

The agency stressed that the severity of the threat requires urgent action from organisations and individuals across the country.

“Given its severity and confirmed active targeting of Nigerian entities, all organizations and individuals must implement the protective measures outlined in this advisory immediately,” it added.

NITDA noted that individuals, government institutions, small businesses, and large enterprises remain vulnerable to the rapidly evolving cyber threat posed by DeepLoad.

According to the agency, successful infections could give cybercriminals unauthorised access to bank accounts, mobile money platforms, payment cards, passwords, and sensitive personal information stored on web browsers. The stolen data could subsequently be used for identity theft and financial fraud.

For organisations, the agency warned that infections may lead to operational disruptions requiring full system isolation and remediation efforts. It also cautioned that attacks on government infrastructure could compromise classified networks and threaten national security.

To minimise risks, NITDA advised Nigerians never to paste commands from websites into their computers, noting that legitimate software providers do not request such actions. The agency also urged users to avoid opening suspicious files such as “Chrome Setup” or “Firefox Installer” from USB devices and to scan all external drives with antivirus software before use.

Additionally, the agency recommended enabling two-factor authentication on sensitive accounts and avoiding the storage of banking passwords directly on web browsers.

For organisations, NITDA advised immediate staff sensitisation on the DeepLoad threat, activation of PowerShell Script Block Logging on Windows systems, and regular reviews of browser extensions for unauthorised installations.

The advisory further recommended blocking malicious domains, including holiday-updateservice.com, forest-entity.cc, and hell1-kitty.cc, at firewall and DNS levels.

NITDA also urged organisations to inspect systems for hidden WMI Event Subscriptions that could allow the malware to survive standard cleanup procedures.
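The two Windows measures named above for organisations, Script Block Logging and the review of WMI Event Subscriptions, can be carried out as follows. This is an added example, not text or code from NITDA's advisory; it assumes an elevated PowerShell session on the host being inspected and uses only the standard Windows policy key and WMI classes.

```powershell
# Added example (not from the advisory). Run elevated on the host under review.

# 1. Enable PowerShell Script Block Logging through the policy registry key.
#    Logged script blocks appear as event ID 4104 in the
#    Microsoft-Windows-PowerShell/Operational log.
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $sbl)) { New-Item -Path $sbl -Force | Out-Null }
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# 2. Enumerate permanent WMI event subscriptions. A subscription is three
#    linked objects in root\subscription: a filter (the trigger query),
#    a consumer (the action), and a binding that ties them together.
$ns        = 'root\subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

'--- Event filters (what triggers) ---'
$filters | Format-List Name, EventNamespace, Query

'--- Event consumers (what runs) ---'
# CommandLineEventConsumer and ActiveScriptEventConsumer can execute code,
# so their CommandLineTemplate / ScriptText deserve the closest reading.
$consumers | Format-List @{ n = 'Class'; e = { $_.CimClass.CimClassName } },
                         Name, CommandLineTemplate, ScriptText, ScriptFileName

'--- Bindings (which filter fires which consumer) ---'
$bindings | Format-List @{ n = 'Filter';   e = { $_.Filter.Name } },
                        @{ n = 'Consumer'; e = { $_.Consumer.Name } }

# 3. Summary count, so the result can be compared against a known-clean baseline
#    image of the same Windows build.
[pscustomobject]@{
    Filters   = @($filters).Count
    Consumers = @($consumers).Count
    Bindings  = @($bindings).Count
}
```

Windows commonly ships with one built-in subscription (the "SCM Event Log Consumer"), so judge the output against a clean baseline rather than expecting an empty list.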

The agency said institutions that suspect infections should immediately disconnect affected systems from the internet, change passwords using clean devices, isolate compromised systems, activate incident response teams, and report incidents to NITDA within 72 hours as required by law.

The latest warning adds to mounting concerns over cyber attacks targeting Nigeria’s financial and digital infrastructure in recent months.

In April, the Nigeria Data Protection Commission (NDPC) warned about coordinated cyber threats targeting Nigeria’s financial systems and critical digital infrastructure, urging organisations to strengthen their data protection frameworks.

The warning also followed the commission’s investigation into an alleged data breach involving Remita Payment Services, Sterling Bank, and other entities.

Similarly, the Corporate Affairs Commission temporarily shut down its website between April 17 and April 20, 2026, following reports that about 25 million documents may have been exfiltrated during a suspected cyber attack.
