NITDA Raises Alarm Over ‘DeepLoad’ AI Malware Targeting Nigerian Banks, Government Agencies

The National Information Technology Development Agency has issued a critical nationwide cybersecurity alert warning that a dangerous new AI-powered malware known as “DeepLoad” is actively targeting Nigerian government institutions, financial organizations, businesses, and individual internet users.

In an advisory identified as NCA-270406-01, NITDA described DeepLoad as a sophisticated malware strain capable of stealing sensitive financial and personal information while using artificial intelligence-driven techniques to evade detection by conventional antivirus systems.

According to the agency, the malware is being distributed through deceptive social engineering tactics involving fake website error messages that instruct unsuspecting users to paste malicious commands into their computers. Once activated, the malware reportedly installs itself silently, harvests stored credentials and browser data, and compromises sensitive information from infected systems.

NITDA warned that the malware possesses an advanced persistence mechanism capable of reactivating infections even after users believe the threat has been removed. The agency stated that DeepLoad incorporates “a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal.”

The agency noted that the threat poses serious risks to banks, public institutions, critical infrastructure operators, businesses, and citizens who rely on digital platforms for communication and financial transactions. According to the advisory, successful attacks could result in unauthorized access to bank accounts, mobile money services, and payment systems, as well as identity theft and large-scale operational disruptions.

NITDA also raised concerns about potential national security implications if sensitive government networks are compromised by the malware campaign. The agency stressed that organizations must urgently strengthen internal cybersecurity systems and improve staff awareness to prevent successful infiltration.

As part of its emergency recommendations, NITDA warned Nigerians never to paste commands from websites into their computers, emphasizing that “legitimate software never asks for this.” The agency further advised users to avoid opening suspicious files labeled as browser installers from USB devices and to enable two-factor authentication on critical accounts.

For organizations, NITDA recommended immediate activation of enhanced monitoring systems, including PowerShell Script Block Logging on Windows devices, alongside the removal of suspicious browser extensions and the blocking of identified malicious domains linked to the campaign.

The domains specifically identified in the advisory include “holiday-updateservice[.]com”, “forest-entity[.]cc”, and “hell1-kitty[.]cc”, which organizations have been urged to block at firewall and DNS levels.
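The organizational checks recommended above, as an added PowerShell example that is not part of the NITDA advisory or of this article: it enables Script Block Logging, lists permanent WMI event subscriptions for review, and looks for the three listed domains in the local DNS cache. It assumes an elevated session on a Windows host and that the WMI persistence takes the form of a subscription in `root\subscription`, which the article does not specify.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the advisory. Run on the host being checked.

# 1. Enable PowerShell Script Block Logging via the policy registry key.
#    Logged script blocks appear as event ID 4104 in the
#    Microsoft-Windows-PowerShell/Operational log.
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $sbl)) { New-Item -Path $sbl -Force | Out-Null }
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. List permanent WMI event subscriptions for manual review.
#    Assumption: the persistence lives in root\subscription (not stated on the page).
$ns = 'root\subscription'
'--- Event filters (what triggers) ---'
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    Select-Object Name, EventNamespace, Query | Format-List

'--- Event consumers (what runs) ---'
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    Select-Object Name,
        @{ n = 'Class'; e = { $_.CimClass.CimClassName } },
        CommandLineTemplate, ScriptText | Format-List

'--- Bindings (which filter fires which consumer) ---'
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
    Select-Object @{ n = 'Filter';   e = { $_.Filter.Name } },
                  @{ n = 'Consumer'; e = { $_.Consumer.Name } } | Format-Table

# 3. Check the local DNS client cache for the domains named in the advisory.
#    They are kept defanged in the script and refanged only in memory.
$blocked = 'holiday-updateservice[.]com', 'forest-entity[.]cc', 'hell1-kitty[.]cc' |
    ForEach-Object { $_ -replace '\[\.\]', '.' }

$hits = Get-DnsClientCache | Where-Object {
    $name = $_.Entry
    # Match the domain itself or any subdomain of it.
    $blocked | Where-Object { $name -eq $_ -or $name -like "*.$_" }
} | Select-Object Entry, Data -Unique

if ($hits) {
    'Advisory domains found in DNS cache:'
    $hits | Format-Table
} else {
    'No advisory domains in the DNS cache.'
}
```

An empty DNS cache result does not clear a host, since the cache is short-lived; any subscription in step 2 that cannot be attributed to known management software warrants follow-up.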

NITDA further instructed organizations to disconnect affected systems from the internet immediately if compromise is suspected, isolate infected devices, activate incident response teams, and change passwords from clean devices. The agency also reminded organizations of their legal obligation to report cybersecurity incidents within 72 hours.

The warning comes amid growing global concern over increasingly sophisticated cyberattacks powered by artificial intelligence. International cybersecurity reports from ReliaQuest, Infosecurity Magazine, and The Hacker News have also highlighted DeepLoad’s use of AI-generated code and stealth techniques to bypass traditional security systems.