NITDA Raises Alarm Over Deadly AI Malware Targeting Nigerian government agencies, banks, businesses

• NITDA has warned Nigerians about a dangerous AI-powered malware called DeepLoad targeting banks, government agencies, businesses, and individuals
• The malware spreads through fake website messages that trick users and allow hackers to steal passwords, banking details, and sensitive data
• The agency advised Nigerians to strengthen cybersecurity measures, avoid suspicious downloads, and enable two-factor authentication to prevent attacks

Legit.ng journalist Victor Enengedi has over a decade's experience covering energy, MSMEs, technology, banking and the economy.

The National Information Technology Development Agency (NITDA) has issued a fresh cybersecurity warning over a dangerous AI-powered malware known as DeepLoad, which is reportedly targeting government agencies, banks, businesses, and individuals across Nigeria.

The agency disclosed the warning in a cybersecurity advisory shared on its official X account on Wednesday, urging organisations and computer users to stay alert and take immediate protective measures.

The warning comes shortly after several Nigerian institutions reportedly suffered cyber incidents and unauthorised access attempts affecting platforms linked to organisations such as the Corporate Affairs Commission, the Economic and Financial Crimes Commission, Remita, and Sterling Bank.

Read also

Presidency, NCC, FCCPC under fire as Nigeria’s airtime credit crisis leaves 40 million stranded

How the DeepLoad malware operates

According to NITDA, DeepLoad is a new AI-enhanced malware strain actively targeting Nigerian government agencies, financial institutions, businesses, and individuals.

The agency stated that cybercriminals are spreading the DeepLoad malware through fake website error messages designed to trick users into copying and pasting harmful commands into their computers.

NITDA stated that when the command is executed, the malware quietly installs itself on the victim’s system and begins stealing sensitive information.

It stated:

“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection."

NITDA explained that the malware uses artificial intelligence to avoid detection by antivirus software, making it more difficult to identify and remove.

The agency also revealed that DeepLoad contains a hidden persistence feature based on Windows Management Instrumentation (WMI), allowing the malware to reactivate itself up to three days after users believe it has been removed.

Read also

Banks seize Airtime, data loan market from MTN, Airtel as GTBank, FirstBank offer cheaper rates

Risks to banks, businesses, and government systems

NITDA warned that a successful DeepLoad attack could give criminals access to victims’ bank accounts, mobile money platforms, and payment cards.

The agency said infected systems may also expose confidential documents, personal information, and stored login credentials, increasing the risk of identity theft and financial fraud.

For organisations, the malware could disrupt operations, force complete system shutdowns for cleanup, and potentially compromise sensitive government networks, posing a serious national security concern.

NITDA lists safety measures for Nigerians

To reduce the risk of infection, NITDA advised Nigerians never to paste commands from unknown websites into their computers, noting that legitimate software providers do not request such actions.

The agency also warned users against opening suspicious files labelled “Chrome Setup” or “Firefox Installer” from USB drives and urged them to scan external devices with antivirus software before use.

NITDA further encouraged individuals and organisations to activate two-factor authentication on important accounts and avoid saving banking passwords directly in web browsers.

Read also

MTN, Airtel, other telcos begin call restrictions for debtors amid FCCPC’s new regulations

The agency asked companies and public institutions to sensitise staff about the DeepLoad threat, remove unauthorised browser extensions, and strengthen internal cybersecurity monitoring systems.

It also recommended blocking suspicious domains linked to the malware, checking systems for hidden WMI event subscriptions, and disconnecting infected devices from the internet immediately if an attack is suspected.

According to the agency, organisations are expected to report any suspected DeepLoad incidents to NITDA within 72 hours in line with existing cybersecurity regulations.

NCC warns against "Wangiri" missed call scam

Meanwhile, Legit.ng earlier reported that the Nigerian Communications Commission (NCC) warned Nigerians about the growing rise of “Wangiri” phone scams targeting mobile users across the country.

The scam, whose name comes from a Japanese phrase meaning “one ring and drop,” involves fraudsters placing very short calls and ending them almost immediately.

The aim is to trick unsuspecting victims into calling the number back, which could then lead to expensive charges or expose them to other forms of fraud.

Source: Legit.ng