
The National Information Technology Development Agency (NITDA) has issued a critical advisory warning Nigerians about a new and highly sophisticated malware named Deepload, which is actively targeting government agencies, financial institutions, businesses, and individual users across the country.

The advisory, titled "Deepload AI-Powered Malware Actively Targeting Nigerian Organisations," outlines how the malware operates, who is most at risk, and the steps organisations and individuals can take to protect themselves.

What Deepload Does

According to NITDA, a successful Deepload infection can lead to unauthorised access to bank accounts, mobile money services, and payment cards, as well as theft of saved passwords, personal documents, and browser-stored information. The malware can also enable identity fraud, allowing criminals to impersonate victims for financial gain.

The agency identified government agencies, banks, critical infrastructure operators, businesses of all sizes, and individuals who use online banking as the most vulnerable targets.

How It Works

What makes Deepload particularly dangerous is its use of artificial intelligence to evade antivirus detection, making it harder for conventional security tools to catch.

The malware spreads through social engineering, specifically fake website error messages that trick users into pasting a malicious command into their computers. Once executed, Deepload silently installs itself, harvests stored credentials and sensitive data from web browsers, and hides itself from view.

At its core is a hidden WMI-based persistence mechanism that can reactivate the infection up to three days after it appears to have been removed, effectively making it resistant to standard cleanup efforts.
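A read-only PowerShell check a responder could run to review WMI persistence before declaring a machine clean. It is an added example, not part of NITDA's advisory, and it assumes the mechanism is a permanent WMI event subscription in the root\subscription namespace (the advisory says only "WMI-based"); it contains no Deepload-specific names or indicators.

```powershell
# Added example: list permanent WMI event subscriptions for manual review.
# Assumption: persistence is registered in root\subscription.
# Read-only; run from an elevated PowerShell prompt.
$ns = 'root\subscription'

$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# Consumer classes that can run a command or script when a filter fires.
$execClasses = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$report = foreach ($b in $bindings) {
    # A binding ties one trigger (filter) to one action (consumer).
    $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name } |
         Select-Object -First 1
    foreach ($c in ($consumers | Where-Object { $_.Name -eq $b.Consumer.Name })) {
        $class = $c.CimSystemProperties.ClassName
        # Which of these properties exists depends on the consumer class.
        $action = @($c.CommandLineTemplate, $c.ScriptFileName, $c.ScriptText) |
                  Where-Object { $_ }
        [pscustomobject]@{
            RunsCode      = $class -in $execClasses
            Filter        = $b.Filter.Name
            Query         = $f.Query      # the WQL event that triggers it
            ConsumerClass = $class
            Consumer      = $c.Name
            Action        = $action -join ' | '
        }
    }
}

# Code-running subscriptions first. Windows ships with a benign
# "SCM Event Log" filter/consumer pair (NTEventLogEventConsumer).
$report | Sort-Object RunsCode -Descending | Format-List

# Consumers or filters with no binding are inert now but can be re-bound later.
$boundC = $bindings | ForEach-Object { $_.Consumer.Name }
$boundF = $bindings | ForEach-Object { $_.Filter.Name }
$consumers | Where-Object { $_.Name -notin $boundC } |
    Select-Object Name, @{ n = 'Class'; e = { $_.CimSystemProperties.ClassName } }
$filters | Where-Object { $_.Name -notin $boundF } | Select-Object Name, Query
```

Any entry with RunsCode set to True that the administrator cannot account for should be investigated, since a leftover subscription is what allows an infection to return after files and processes have been removed.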

Deepload is also a product of the growing Malware-as-a-Service (MaaS) industry, where cybercriminals develop and sell ready-to-deploy malware tools to other bad actors, lowering the technical barrier for launching sophisticated attacks.


What You Should Do

NITDA's advisory closed with a set of recommended protective actions for both individuals and organisations:

  • Never paste a command into your browser or terminal unless you fully understand its source. Legitimate software never requests this.
  • Do not open files named "Chrome Setup" or "Firefox Installer" from USB drives. Always scan external devices with antivirus software before use.
  • Enable two-factor authentication (2FA) on all accounts and avoid saving banking passwords in your browser.
  • Organisations should train staff on Deepload and embed cybersecurity best practices into operational procedures.
  • If infection is suspected, disconnect from the internet immediately, change all passwords from a clean device, isolate affected systems, activate your incident response team, and report to NITDA within 72 hours as required by law.

A Growing Threat Landscape

The emergence of Deepload reflects a broader and troubling trend in the global cybersecurity environment: the convergence of social engineering and advanced technology. As the malware industry becomes more commercialised and accessible, attacks are growing in both sophistication and frequency.

For Nigeria, where digital financial services are expanding rapidly, the stakes are particularly high. Regulatory bodies like NITDA will need to intensify public awareness campaigns and enforcement mechanisms to keep pace with an evolving threat landscape that increasingly targets everyday users, not just large institutions.