NITDA Warns of DeepLoad AI Malware Targeting Nigeria

Severity: High (Score: 71.0)

Sources: Arise.Tv, Thecondia, Allafrica, Channelstv

Summary

The National Information Technology Development Agency (NITDA) issued a warning on May 6, 2026, regarding a new AI-powered malware named DeepLoad. This malware is actively targeting Nigerian government agencies, financial institutions, and businesses, posing a significant threat to sensitive data. DeepLoad uses social engineering tactics, specifically fake website error messages, to trick users into executing malicious commands. Once installed, it can harvest credentials and sensitive information while evading conventional antivirus detection. Notably, DeepLoad features a hidden WMI-based persistence mechanism that allows it to reactivate even after attempts to remove it. NITDA has urged immediate action from all organizations and individuals to implement protective measures against this evolving threat. The malware's capabilities could lead to identity fraud and unauthorized access to financial accounts. The advisory emphasizes that all sectors, including small enterprises and large organizations, are at risk.

Key Points

  • DeepLoad malware targets Nigerian government and financial sectors using AI techniques.
  • It employs social engineering to trick users into executing malicious commands.
  • The malware can reactivate post-removal, making it particularly dangerous.
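Because the summary says DeepLoad can reactivate through a hidden WMI-based persistence mechanism, a cleanup is only complete once the host's WMI event subscriptions have been reviewed. The script below is an added example, not part of the NITDA advisory or any vendor tooling. It assumes the persistence is a permanent event subscription in the root\subscription namespace, which the page does not confirm, and it lists every filter-to-consumer binding plus any consumers left behind without a binding.

```powershell
#Requires -RunAsAdministrator
# Added example: audit WMI permanent event subscriptions on the local host.
# Assumption: persistence lives in root\subscription; the page does not say
# which WMI mechanism DeepLoad uses.

$ns        = 'root/subscription'
$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# Consumer classes that run a command line or script when their filter fires.
$execClasses = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$report = foreach ($b in $bindings) {
    $class    = $b.Consumer.CimSystemProperties.ClassName
    $filter   = $filters | Where-Object { $_.Name -eq $b.Filter.Name } |
                Select-Object -First 1
    $consumer = $consumers | Where-Object {
                    $_.Name -eq $b.Consumer.Name -and
                    $_.CimSystemProperties.ClassName -eq $class
                } | Select-Object -First 1

    # Collect whichever payload fields this consumer class defines.
    $payload = @($consumer.CommandLineTemplate, $consumer.ExecutablePath,
                 $consumer.ScriptFileName, $consumer.ScriptText) |
               Where-Object { $_ }

    [pscustomobject]@{
        CanExecute    = $class -in $execClasses
        Filter        = $b.Filter.Name
        Query         = $filter.Query
        ConsumerClass = $class
        Consumer      = $b.Consumer.Name
        Payload       = $payload -join ' | '
    }
}

# Bindings that can execute code come first; review each against a known-good baseline.
$report | Sort-Object CanExecute -Descending | Format-List

# Consumers with no binding can be re-armed later, so list them too.
$bound = $bindings | ForEach-Object { $_.Consumer.Name }
$consumers | Where-Object { $_.Name -notin $bound } |
    Select-Object Name, @{ n = 'Class'; e = { $_.CimSystemProperties.ClassName } }
```

Compare the output with a clean machine of the same build: Windows commonly ships an "SCM Event Log Filter" bound to an NTEventLogEventConsumer, and management agents may register their own subscriptions.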

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Corporate Affairs Commission (company)
  • Economic And Financial Crimes Commission (company)
  • Remita (company)
  • Remita Payment Services (company)
  • Sterling Bank (company)
  • Nigeria (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • cerrt.ng (domain)
  • forest-entityl.cc (domain)
  • Financial (industry)
  • Government (industry)
  • DeepLoad (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1047 - Windows Management Instrumentation (mitre_attack)
  • T1059.001 - PowerShell (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Windows (platform)
  • Windows Management Instrumentation (tool)
  • PowerShell (tool)