New advanced malware uses AI to evade detection, steals credentials from browsers, and can reactivate days after deletion.
The National Information Technology Development Agency (NITDA) has issued a security alert over a new artificial intelligence-powered malware known as DeepLoad, warning that it is actively targeting government agencies, financial institutions, businesses, and individuals across Nigeria.
The warning, released on the agency’s X handle through its Computer Emergency Readiness and Response Team, comes as cyberattacks against Nigerian organisations continue to rise.
What Is DeepLoad? A New Generation of AI-Driven Malware
According to NITDA, DeepLoad is a highly advanced malware strain designed to steal sensitive information while avoiding detection by traditional antivirus systems. It spreads through social engineering tactics, particularly fake website error prompts that trick users into running malicious commands.
“The malware is distributed through a social engineering technique involving a fake website error,” NITDA stated in its advisory.
Once executed, the malware installs itself quietly on a device and begins extracting stored credentials and sensitive data from major web browsers. It then uses artificial intelligence techniques to help it evade detection and remain active.
“Once executed, DeepLoad silently installs itself, harvests stored credentials and sensitive data from major browsers, and leverages artificial intelligence to evade antivirus detection,” the agency said.
A Persistent Threat: DeepLoad Reactivates Days After Deletion
NITDA also warned that DeepLoad has a persistence mechanism that makes it especially difficult to remove. The malware can reactivate itself days after it appears to have been deleted.
“Critically, the malware incorporates a hidden WMI-based persistence mechanism capable of reactivating the infection up to three days after apparent removal,” the advisory stated.
The agency described the threat as serious and already active, urging immediate protective measures.
“Given its severity and confirmed active targeting of Nigerian entities, all organizations and individuals must implement the protective measures outlined in this advisory immediately.”
Who Is at Risk? Banks, Government, and Individuals
NITDA warned that individuals, businesses, and government institutions are all at risk. A successful infection could give attackers access to:
- Bank accounts
- Mobile money services
- Payment cards
- Passwords
- Sensitive personal documents
The agency also raised concerns about identity theft, saying stolen information could be used to impersonate victims for financial gain.
Organisational Risks
For organisations, NITDA said infections could lead to major operational disruptions, including system shutdowns and costly recovery processes. It also warned that breaches in government systems could compromise classified data and national security infrastructure.
How to Protect Against DeepLoad
Basic Precautions
| Action | Recommendation |
|---|---|
| Avoid unknown commands | Do not copy or execute commands from unknown websites; legitimate software providers do not require such actions |
| Secure USB drives | Avoid installing software from unverified USB drives; scan all external storage devices before use |
| Enable 2FA | Enable two-factor authentication on all important accounts |
| Browser security | Avoid storing banking passwords in browsers |
| Review extensions | Regularly check browser extensions for suspicious activity |
| Network defence | Block known malicious domains at the firewall and DNS level |
| System monitoring | Enable advanced logging tools on Windows systems |
Organisational Measures
Organisations were also urged to:
- Educate staff on recognising social engineering tactics
- Monitor systems for hidden persistence mechanisms
- Isolate any suspected infected devices immediately
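The advisory names a hidden WMI-based persistence mechanism and asks organisations to monitor for it. The script below is an added example, not part of the NITDA advisory or any DeepLoad sample; it enumerates the permanent WMI event subscriptions on a Windows host (filter, consumer and the binding that joins them), shows what each consumer would execute, and flags the consumer classes that run a command or script. Function and property names in it are the author's own choices; the WMI class names are the standard ones.

```powershell
# Added example, not from the NITDA advisory: list permanent WMI event
# subscriptions on a Windows host. A permanent subscription is a filter
# (a WQL trigger), a consumer (what runs when it fires), and a binding that
# joins them. These live in the WMI repository, survive reboots and are not
# undone by deleting files, which is why a file-only clean-up can be reversed
# when the trigger fires again. Run from an elevated PowerShell session.

function Get-WmiPersistence {
    [CmdletBinding()]
    param(
        # Permanent subscriptions normally live here, but the classes exist in
        # every namespace, so the parameter lets you check others too.
        [string]$Namespace = 'root\subscription'
    )

    $filters   = Get-CimInstance -Namespace $Namespace -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer
    $bindings  = Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        # Binding.Filter and Binding.Consumer are references that carry the key (Name).
        $filter   = $filters   | Where-Object Name -eq $b.Filter.Name
        $consumer = $consumers | Where-Object Name -eq $b.Consumer.Name
        $class    = $consumer.CimClass.CimClassName

        # Recover what the consumer actually executes, depending on its class.
        $payload = switch ($class) {
            'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
            'ActiveScriptEventConsumer' {
                if ($consumer.ScriptFileName) { $consumer.ScriptFileName } else { $consumer.ScriptText }
            }
            default                     { '' }
        }

        # Consumers that run a command or a script are the ones to review;
        # NTEventLog and SMTP consumers are usually monitoring, not persistence.
        $suspicious = $class -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

        [pscustomobject]@{
            Binding       = $b.Filter.Name + ' -> ' + $b.Consumer.Name
            TriggerQuery  = $filter.Query
            ConsumerClass = $class
            Executes      = $payload
            Suspicious    = $suspicious
        }
    }
}

# Usage: show every subscription, then only those that would run code.
$subs = Get-WmiPersistence
$subs | Format-Table -AutoSize -Wrap
$subs | Where-Object Suspicious | Format-List

# After review, a binding can be removed so the trigger no longer fires;
# the orphaned filter and consumer should then be removed the same way.
# Substitute the filter name printed above (placeholder shown):
# Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
#     Where-Object { $_.Filter.Name -eq 'FILTER_NAME_FROM_OUTPUT' } |
#     Remove-CimInstance
```

A stock Windows install carries one legitimate binding, "SCM Event Log Filter -> SCM Event Log Consumer", which uses an NTEventLogEventConsumer and is not flagged by the check above; anything that runs a command line or script deserves a closer look at its trigger query (timers, logon and process-creation events are the usual patterns). For ongoing monitoring rather than a one-off sweep, Sysmon records the creation of these objects as event IDs 19 (WmiEventFilter), 20 (WmiEventConsumer) and 21 (WmiEventConsumerToFilter), which pairs with the advisory's recommendation to enable advanced logging on Windows systems.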
What to Do If Infected
NITDA concluded that any confirmed or suspected incident should be reported quickly, with the following steps:
- Disconnect affected systems from the internet immediately
- Reset passwords from secure, clean devices
- Activate internal response teams within hours to contain the threat
Key Takeaways
| Threat | Details |
|---|---|
| Malware Name | DeepLoad |
| Type | AI-powered credential-stealing malware |
| Distribution Method | Social engineering via fake website error prompts |
| Capabilities | Harvests browser credentials, AI-powered evasion, WMI-based persistence |
| Reactivation Window | Up to 3 days after apparent removal |
| Primary Targets | Nigerian government agencies, financial institutions, businesses, individuals |
| Recommended Defence | 2FA, browser hygiene, network blocking, monitoring, immediate isolation |