NITDA Issues Cybersecurity Alert on New AI-Powered Malware DeepLoad
The National Information Technology Development Authority (NITDA) has issued a critical cybersecurity alert regarding DeepLoad, a new AI-driven malware. This malicious software is actively targeting government agencies, financial institutions, businesses, and individuals across Nigeria.
On Wednesday, NITDA published advisory guidelines on its official X handle, urging Nigerian organizations to remain vigilant against potential malware attacks. This warning comes shortly after both public and private institutions in Nigeria experienced unauthorized access and assaults on their information systems. Notable targets included the websites of organizations like Remita, Sterling Bank, the Corporate Affairs Commission (CAC), and the Economic and Financial Crimes Commission (EFCC).
In response to these alarming developments, the Federal Government, through the Ministry of Communications, Innovation, and Digital Economy alongside NITDA, has outlined essential pillars for establishing a Cybersecurity Coordination Ministerial Advisory Committee. This initiative aims to address the increasing incidents of suspected data breaches in Nigeria.
The proposed council will concentrate on creating a national cyber resilience framework that emphasizes accountability, intelligence sharing, policy alignment, and collaboration across various sectors, according to statements from the Ministry of Digital Economy.
DeepLoad: A New Threat in Cybersecurity
NITDA’s advisory highlights that DeepLoad spreads through social engineering techniques, such as fake website error messages. Victims are tricked into pasting malicious commands directly into their computers. Once activated, the malware operates stealthily, collecting stored credentials and sensitive data from widely used web browsers.
The agency states that DeepLoad utilizes artificial intelligence to avoid detection by antivirus programs, further complicating efforts to combat its spread. Additionally, the malware features a WMI-based persistence mechanism that can reactivate the infection for up to three days after attempts to remove it.
Potential Consequences of Infection
NITDA warns that a successful infection from DeepLoad can lead to unauthorized access to bank accounts, mobile money services, and payment cards. Moreover, sensitive personal information, saved passwords, and documents stored in web browsers could be compromised. Such breaches could result in identity fraud, allowing criminals to impersonate victims for financial gain.
Disruptions to organizations could necessitate complete system isolation and repairs. Given the potential risks, including the compromise of sensitive government networks, DeepLoad poses a significant concern to national security.
Preventive Measures Recommended by NITDA
NITDA has strongly advised both public and private entities to take protective action against the DeepLoad malware. Organizations are encouraged to reinforce their password security and refrain from pasting commands directly from websites. The agency emphasized that no legitimate software would request such actions.
In addition, businesses are cautioned against opening files labeled ‘Chrome Setup’ or ‘Firefox Installer’ from USB drives without a thorough antivirus scan. NITDA encourages implementing two-factor authentication for all important accounts and recommends against saving banking passwords in web browsers.
Organizational Preparedness and Staff Awareness
Organizations should proactively inform their employees about the dangers posed by the DeepLoad AI malware. Staff should be encouraged to remove unauthorized browser extensions and maintain vigilance to prevent potential cyberattacks. The agency advises alerting all personnel to the risks associated with DeepLoad, enabling PowerShell script block logging on all Windows machines, and conducting routine reviews of installed browser extensions.
Furthermore, businesses are urged to block malicious domains at the firewall or DNS level and to conduct checks for hidden WMI event subscriptions. Should an infection be suspected, NITDA stresses the importance of immediate action: disconnect from the internet, change all passwords using a clean device, isolate affected systems, activate an incident response team, and report the incident to NITDA within the mandated 72-hour timeframe.
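Two of the checks above, enabling PowerShell script block logging and hunting for hidden WMI event subscriptions, can be scripted. The following PowerShell is an added example for administrators, not code from NITDA’s advisory; it assumes a Windows host with PowerShell 5.1 or later and must be run from an elevated prompt.

```powershell
# Added example, not from the NITDA advisory. Run as Administrator.

# 1. Enumerate permanent WMI event subscriptions (filter -> consumer bindings).
#    A clean Windows install normally shows only the built-in "SCM Event Log"
#    filter/consumer pair; anything else deserves a closer look.
function Get-WmiPersistence {
    $ns = 'root/subscription'
    [pscustomobject]@{
        Filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter |
                    Select-Object Name, Query
        Consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
                    Select-Object Name, CommandLineTemplate, ScriptText
        Bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
                    Select-Object Filter, Consumer
    }
}

# 2. Turn on script block logging via the policy registry key so that every
#    script block PowerShell executes, including commands a user pastes into
#    a console, is written to the Microsoft-Windows-PowerShell/Operational log
#    as event ID 4104.
function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# 3. Review recent 4104 events for script text that creates WMI subscriptions,
#    which is how WMI-based persistence is typically installed from PowerShell.
function Find-WmiPersistenceScripts {
    param([int]$MaxEvents = 500)
    $pattern = '__EventFilter|__FilterToConsumerBinding|CommandLineEventConsumer|ActiveScriptEventConsumer'
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, Message
}

Enable-ScriptBlockLogging
$wmi = Get-WmiPersistence
$wmi.Filters   | Format-Table -AutoSize
$wmi.Consumers | Format-Table -AutoSize
$wmi.Bindings  | Format-Table -AutoSize
Find-WmiPersistenceScripts | Format-List
```

Any unexpected filter/consumer pair can be removed with Remove-CimInstance once it has been recorded for the incident response team.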
