Lately, many organizations in Nigeria have been victims of cyberattacks, from financial organizations to government agencies and even educational institutions. Now, the National Information Technology Development Agency (NITDA) has issued an urgent warning regarding a new AI-powered malware, DeepLoad.
On its X page on Wednesday, the agency said DeepLoad is "actively targeting Nigerian government agencies, banks, businesses, and individuals." NITDA, which is the agency responsible for implementing IT policies in Nigeria, released the warning through its Computer Emergency Readiness and Response Team (CERRT).
The malware is sophisticated less in its code than in how it gets victims to run it. According to NITDA, "The malware is distributed through a social engineering technique involving fake website error messages that instruct victims to paste a malicious command into their computers." For instance, a fake Chrome error pop-up appears while you are casually browsing, and you are misled into copying a command because it looks like a routine fix. The malware relies mainly on manipulating people into infecting themselves. One copied command is all it takes.
Once the command has been executed, DeepLoad quickly installs itself, stealing saved passwords, documents, IDs, and even banking logins. It uses AI to make itself undetectable by antivirus.
If successful, it can lead to financial loss, identity fraud, and for government agencies, there could be a compromise of classified material.
How to Stay Safe
To stay safe, NITDA recommends the following actions for individuals and organizations:
For Individuals:
- Never paste commands from a website into your computer. Legitimate software never asks for this.
- Do not open files named "ChromeSetup" or "FirefoxInstaller" from USB drives. Scan all USB devices with antivirus before use.
- Enable two-factor authentication on all important accounts. Avoid saving banking passwords in your web browser.
For Organizations:
- Alert all staff about DeepLoad.
- Enable PowerShell ScriptBlock Logging on all Windows computers.
- Review and remove unauthorized browser extensions.
- Block malicious domains at firewall/DNS level: holiday-updateservice[.]com, forest-entity[.]cc, and hell1-kitty[.]cc.
- Check for hidden WMI Event Subscriptions that standard cleanup may miss.
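As an added illustration of two of the organizational steps above (this is not part of NITDA's advisory), the following PowerShell, run from an elevated session on a Windows host, turns on ScriptBlock Logging through the same registry value Group Policy sets and lists the permanent WMI event subscriptions that a cleanup can miss:

```powershell
# Added example, not from the NITDA/CERRT advisory. Run as Administrator.

# 1. Enable PowerShell ScriptBlock Logging.
#    Once set, the content of every executed script block is written as
#    Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log,
#    which is where a pasted "fix" command would show up.
$sblPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $sblPath)) {
    New-Item -Path $sblPath -Force | Out-Null
}
Set-ItemProperty -Path $sblPath -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# 2. Enumerate permanent WMI event subscriptions in root\subscription.
#    Persistence built here is a trio: an __EventFilter (WQL trigger),
#    an __EventConsumer (the action) and a __FilterToConsumerBinding
#    tying them together. All three survive reboots and are not visible
#    in Task Scheduler, services or Run keys.
$ns = 'root\subscription'

Write-Host "== Event filters (triggers) =="
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    Select-Object Name, Query, QueryLanguage |
    Format-Table -AutoSize

Write-Host "== Event consumers (actions) =="
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object {
        [pscustomobject]@{
            Name = $_.Name
            Type = $_.CimClass.CimClassName
            # CommandLineEventConsumer carries CommandLineTemplate,
            # ActiveScriptEventConsumer carries ScriptText; others return $null.
            Payload = if ($_.CommandLineTemplate) { $_.CommandLineTemplate } else { $_.ScriptText }
        }
    } | Format-List

Write-Host "== Filter-to-consumer bindings =="
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer |
    Format-List
```

A stock Windows install typically shows only the built-in "SCM Event Log Filter" / "SCM Event Log Consumer" pair; any other binding, especially one whose consumer runs a command line or script, should be reviewed before it is removed with `Remove-CimInstance`.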
If infection is suspected:
- Disconnect from the internet immediately.
- Change all passwords.
- Report to NITDA within 72 hours as required by law.