SciTransfer
SIMARGL · Project

AI-Powered Detection of Hidden Malware That Traditional Security Tools Miss

digital · Tested · TRL 6

Imagine a burglar who sneaks into your house not through the door, but by hiding inside a delivery package you ordered. That's what stegomalware does — it hides malicious code inside normal-looking files like images or documents, slipping past your antivirus completely. SIMARGL built machine learning tools that can spot these hidden threats, even when criminals disguise their attacks in ways no one has seen before. Think of it as training a sniffer dog that can detect contraband no matter how cleverly it's been wrapped.

By the numbers

EUR 4,984,260: EU funding for development
15: consortium partners
7: countries involved
9: industry partners in consortium
5: SMEs in consortium
60%: industry participation ratio
13: project deliverables produced

The business problem

What needed solving

Cybercriminals are increasingly hiding malware inside normal-looking files — images, documents, videos — using information hiding techniques that traditional antivirus and security tools cannot detect. This invisible threat, called stegomalware, bypasses standard defenses and puts financial systems, critical infrastructure, and enterprise networks at risk. Organizations need detection capabilities that go beyond signature-based scanning to catch these hidden attacks before they cause damage.

The solution

What was built

SIMARGL delivered a full solution release: a prototype with fully integrated services and toolkits for detecting malware and stegomalware using machine learning. The project produced 13 deliverables across its 3-year timeline, culminating in an integrated detection platform built by 15 partners.

Audience

Who needs this

Banks and financial institutions with high-value transaction systems
Energy utilities and critical infrastructure operators
Managed security service providers (MSSPs)
Antivirus and endpoint security product vendors
Government cybersecurity agencies and defense contractors

Business applications

Who can put this to work

Financial Services
enterprise
Target: Banks and insurance companies with large transaction volumes

If you are a bank dealing with increasingly sophisticated cyberattacks targeting customer data and financial transactions — this project developed an integrated malware and stegomalware detection toolkit that catches threats hidden inside seemingly innocent files. With 9 industry partners involved in building the solution, it was designed for real-world IT environments where traditional antivirus falls short.

Critical Infrastructure
enterprise
Target: Energy utilities and telecom operators

If you are a utility company worried about cyberattacks on your control systems — SIMARGL built detection tools specifically aimed at threats to critical IT systems. The project ran for 3 years with 15 partners across 7 countries, producing a fully integrated prototype that can detect malware using information hiding techniques that current security tools typically miss.

Cybersecurity Products
any
Target: Managed security service providers and antivirus vendors

If you are a cybersecurity vendor looking to add stegomalware detection to your product line — SIMARGL delivered a full solution release with integrated services and toolkits built by a consortium with 60% industry participation. The machine learning-based detection methods could be licensed or integrated into existing security platforms to cover a threat category most competitors ignore.

Frequently asked

Quick answers

What would it cost to adopt or license this technology?

The project received EUR 4,984,260 in EU funding and produced a full solution release prototype. Licensing terms would need to be negotiated directly with the consortium partners. As an Innovation Action with 5 SME partners, commercialization was a core objective.

Can this work at enterprise scale in production environments?

The project delivered a fully integrated prototype with services and toolkits from 15 partners. As an Innovation Action (not basic research), it was designed to move toward deployment. However, scaling to high-throughput enterprise environments would likely require further engineering.

Who owns the intellectual property and how can I license it?

IP is shared among the 15 consortium partners according to the EU grant agreement. The coordinator is FernUniversität in Hagen, Germany. Licensing discussions would typically start with the coordinator or the specific partner whose component you need.

Does this meet regulatory requirements for cybersecurity in my industry?

SIMARGL was funded under the EU's Security topic (SU-ICT-01-2018), indicating alignment with EU cybersecurity priorities. Specific compliance with standards like NIS2, ISO 27001, or sector-specific regulations would need to be verified with the consortium.

How mature is this technology — can I deploy it now?

The project delivered a full solution release prototype by April 2022. With 9 industry partners and 60% industry ratio in the consortium, the technology was built with deployment in mind. Based on available project data, it reached prototype stage with integrated components ready for piloting.

Can this integrate with our existing security infrastructure?

The demo deliverable describes a fully integrated services and toolkits solution, suggesting it was designed for interoperability. The consortium included 9 industry partners who would have practical integration requirements. Specific compatibility with your SIEM, EDR, or SOC tools would need to be discussed with the partners.

Consortium

Who built it

This is a strong industry-driven consortium with 15 partners from 7 European countries. What stands out is the 60% industry ratio — 9 out of 15 partners come from industry, including 5 SMEs. This means the technology was built by companies that understand commercial requirements, not just academics writing papers. The consortium is led by FernUniversität in Hagen (Germany) and spans CZ, DE, FR, IT, NL, PL, and RO, giving it broad European market coverage. With only 2 universities and 3 research organizations, the balance is firmly tilted toward practical application and market readiness.

How to reach the team

FernUniversität in Hagen, Germany — a public university with a technology transfer office. Contact through their research services department.
