NITDA warns of AI malware targeting Nigerian institutions

The National Information Technology Development Agency (NITDA) has issued a critical advisory regarding a new AI-enhanced malware strain, "DeepLoad," which is actively targeting Nigerian government agencies, financial institutions, and businesses.

As of today, May 7, 2026, the agency warns that the threat is severe due to the malware's ability to use artificial intelligence to bypass traditional security systems.

The Nature of "DeepLoad" Malware
AI-Powered Evasion: Unlike standard malware, DeepLoad leverages AI to adapt its code, allowing it to remain invisible to most antivirus software and detection mechanisms.

Primary Objective: Once a system is infected, the malware focuses on harvesting stored credentials (passwords) and sensitive data from major web browsers.

Social Engineering Tactics: The malware is primarily spread through a deceptive technique involving fake website error messages. These messages trick users into manually copying and pasting a malicious command into their computer’s terminal or command prompt to "fix" the error.

NITDA’s Computer Emergency Readiness and Response Team (CERRT) confirmed that the malware is specifically being used in campaigns against:

Government Agencies: Aiming to exfiltrate state secrets or administrative login details.

Financial Institutions: Seeking to compromise banking platforms and customer data.

Corporate Organizations: Targeting intellectual property and employee credentials.

The agency has urged all organizations and individuals to implement the following protective measures immediately:

Terminal Caution: Never paste commands from a website into your computer's terminal. Legitimate software or websites will never ask a user to do this to resolve an error.

Verify Updates: Do not open or install files named "Chrome Setup" or "Firefox Installer" from unknown sources or USB drives.

Endpoint Security: Use advanced endpoint detection and response (EDR) tools that use behavioral analysis rather than just signature-based detection.

Employee Training: Organizations are advised to conduct immediate sensitization for staff on the "fake error message" social engineering tactic.

NITDA has categorized this as a high-risk threat, emphasizing that the "active targeting" of Nigerian entities suggests a coordinated effort by cybercriminals to exploit the country's digital infrastructure.