By Lawrence Agbo
The National Information Technology Development Agency (NITDA) has issued a fresh cybersecurity warning over a dangerous artificial intelligence-driven malware known as DeepLoad, saying it is actively targeting Nigerian users, businesses and government institutions.
In a security advisory released through its Computer Emergency Readiness and Response Team (CERRT.NG), the agency described DeepLoad as a sophisticated malware strain capable of stealing sensitive information while avoiding detection by traditional antivirus systems.
According to NITDA, the malware poses a serious threat to financial institutions, government agencies, private businesses and individual users across the country.
The agency explained that DeepLoad spreads through fake website prompts designed to deceive users into running harmful commands on their devices.
“The malware is distributed through a social engineering technique involving fake website errors,” NITDA stated.
Once installed, the malicious software quietly embeds itself into the system, extracts stored passwords and sensitive browser data, and uses artificial intelligence to bypass security protections.
NITDA noted that DeepLoad can collect credentials from major web browsers and potentially grant cybercriminals access to bank accounts, payment cards, mobile money services and confidential personal documents.
One of the most concerning features of the malware, according to the agency, is its ability to survive even after users believe it has been removed.
The advisory revealed that DeepLoad uses a hidden Windows Management Instrumentation (WMI)-based persistence system that can reactivate the infection up to three days after cleanup attempts.
“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection,” the agency warned.
NITDA stressed that both individuals and organisations must act quickly to reduce exposure to the threat.
To stay protected, Nigerians were advised never to copy and paste commands from websites into their computers, as legitimate software providers do not request such actions.
The agency also warned against opening suspicious files such as “Chrome Setup” or “Firefox Installer” from flash drives and urged users to scan all USB devices before use.
Other recommendations include enabling two-factor authentication on important accounts and not storing banking passwords in web browsers.
For businesses and institutions, NITDA advised immediate staff awareness campaigns, activation of PowerShell Script Block Logging on Windows systems, and review of browser extensions for suspicious installations.
The agency also recommended blocking malicious domains such as holiday-updateservice[.]com, forest-entity[.]cc and hell1-kitty[.]cc at firewall and DNS levels.
Organisations that suspect infection were told to disconnect affected systems from the internet immediately, reset passwords using clean devices, isolate compromised machines, activate incident response teams and report incidents to NITDA within 72 hours in line with legal requirements.
NITDA added that institutions should also inspect systems for hidden WMI Event Subscriptions, which may allow the malware to remain active after standard removal attempts.
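A read-only PowerShell check for two of the measures above, WMI Event Subscriptions and Script Block Logging, is added here as an illustration and is not taken from the NITDA advisory. It assumes an elevated PowerShell session on the Windows host being inspected and uses no DeepLoad-specific names, so every binding it lists needs manual review.

```powershell
# Added example (not from the advisory): read-only audit, run elevated.
$ns = 'root\subscription'   # namespace that holds permanent WMI subscriptions

# Collect the three object types that make up a permanent subscription.
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# A binding makes a subscription live: it ties a filter (the trigger query)
# to a consumer (the action that runs when the query matches).
$report = foreach ($b in $bindings) {
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }

    # Command-line and script consumers carry the payload in these properties;
    # other consumer classes simply return nothing for them.
    $action = @($c.CommandLineTemplate, $c.ExecutablePath,
                $c.ScriptFileName, $c.ScriptText) | Where-Object { $_ }

    [pscustomobject]@{
        Filter        = $b.Filter.Name
        TriggerQuery  = $f.Query -join '; '
        Consumer      = $b.Consumer.Name
        ConsumerClass = $c.CimSystemProperties.ClassName -join ', '
        Action        = $action -join ' | '
    }
}

if ($report) {
    # A stock Windows install typically shows only the built-in
    # "SCM Event Log Filter" -> "SCM Event Log Consumer" pair; review the rest.
    $report | Format-List
} else {
    'No WMI filter-to-consumer bindings found in root\subscription.'
}

# Filters or consumers with no binding are inactive but still worth noting.
$bound = $bindings | ForEach-Object { $_.Filter.Name; $_.Consumer.Name }
@($filters) + @($consumers) | Where-Object { $_.Name -notin $bound } |
    ForEach-Object { "Unbound object: $($_.CimSystemProperties.ClassName) '$($_.Name)'" }

# Script Block Logging policy value (1 = enabled). When enabled, script
# blocks are recorded as event ID 4104 in Microsoft-Windows-PowerShell/Operational.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$sbl = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableScriptBlockLogging
"Script Block Logging enabled by policy: $($sbl -eq 1)"
```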
