Overview
A global investigation has revealed an industrial-scale SIM Farm-as-a-Service ecosystem, powered by a Belarus-based platform called ProxySmart. Researchers identified 87 exposed control panels across 17 countries and at least 94 physical phone-farm locations, enabling large-scale fraud, bot activity, and identity evasion.
Key Highlights
- Control Plane: ProxySmart acts as the shared backbone for SIM farms worldwide.
- Scale: 87 exposed panels, 24 proxy providers, 35 carriers, and 94 farm locations.
- Geographic Spread: Strong presence in the U.S. (19 states), Europe, and South America.
- Capabilities:
  - Device management and IP rotation.
  - OS fingerprint spoofing (macOS, iOS, Windows, Android).
  - Support for tunneling protocols (OpenVPN, SOCKS5, VLESS, HTTP).
- Carrier Access: Farms advertise connectivity through AT&T, Verizon, T-Mobile, Vodafone, EE, O2, Deutsche Telekom, Telstra, Rogers, and 30+ others.
Technical Breakdown
- Physical Infrastructure: Racks of smartphones and 4G/5G modems hardwired into carrier networks.
- APK Enrollment: Unsigned Android APK used to enroll devices into farms.
- Fingerprint Spoofing: Simulates TCP/IP stack signatures to evade detection.
- Carrier-Grade NAT (CGNAT): Shared IP addresses make blocking ineffective.
- Rapid IP Rotation: Achieved by toggling airplane mode for three seconds.
- Use Cases: OTP bypass, fake account creation, botting, geo-restriction circumvention, payment fraud.
Risks to Enterprises & Platforms
- Fraud at Scale: OTP bypass enables account takeover.
- Platform Manipulation: Fake accounts and bot engagement distort social media and e-commerce ecosystems.
- Telecom Security: Carrier networks abused for proxy infrastructure.
- Global Reach: Farms marketed to Russian-speaking audiences for U.S. connectivity and restricted AI model access.
- Weak KYC: Providers advertise zero verification, lowering barriers for threat actors.
Defensive Guidance
- Carrier Collaboration: Telecoms must monitor for abnormal SIM usage patterns.
- Platform Integrity: Social networks and financial services should enhance fraud detection beyond IP-based controls.
- Law Enforcement Coordination: Build on prior operations (e.g., U.S. Secret Service in NYC, Europol in Latvia).
- Detection Enhancements: Focus on behavioral signals, device fingerprints, and transaction anomalies.
- Policy Enforcement: Push for stricter KYC requirements among proxy providers.
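A sketch of the non-IP detection described above, as an added example that is not from the investigation or from any vendor: it keys on a device fingerprint and flags one fingerprint opening several accounts from several addresses of a single carrier ASN, then shows what a per-IP count sees on the same data. The event fields, thresholds, and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample sign-up events: (epoch_seconds, account, ip, carrier_asn, device_fp).
# IPs and ASNs are taken from the ranges reserved for documentation.
EVENTS = [
    # One device fingerprint cycling through carrier IPs, one new account per IP.
    (1000, "acct-a1", "198.51.100.10", 64500, "fp-farm"),
    (1040, "acct-a2", "198.51.100.77", 64500, "fp-farm"),
    (1090, "acct-a3", "198.51.100.31", 64500, "fp-farm"),
    (1150, "acct-a4", "198.51.100.52", 64500, "fp-farm"),
    # Ordinary mobile user: IP changes behind CGNAT, but a single account.
    (1005, "acct-b1", "203.0.113.5", 64501, "fp-user1"),
    (1300, "acct-b1", "203.0.113.9", 64501, "fp-user1"),
    # Unrelated users sharing one CGNAT address: an IP block would hit all of them.
    (1010, "acct-c1", "203.0.113.200", 64501, "fp-user2"),
    (1020, "acct-c2", "203.0.113.200", 64501, "fp-user3"),
    (1030, "acct-c3", "203.0.113.200", 64501, "fp-user4"),
]

def flag_rotating_devices(events, window_s=600, min_ips=3, min_accounts=3):
    """Flag fingerprints opening many accounts from many IPs of one ASN in window_s."""
    by_fp = defaultdict(list)
    for ev in events:
        by_fp[ev[4]].append(ev)
    flagged = {}
    for fp, evs in by_fp.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most window_s.
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            win = evs[start:end + 1]
            ips = {e[2] for e in win}
            accounts = {e[1] for e in win}
            asns = {e[3] for e in win}
            if len(ips) >= min_ips and len(accounts) >= min_accounts and len(asns) == 1:
                flagged[fp] = {"asn": asns.pop(), "ips": len(ips),
                               "accounts": sorted(accounts)}
    return flagged

def busiest_ips(events, min_accounts=3):
    """IP-centric view for comparison: addresses seen with many accounts."""
    seen = defaultdict(set)
    for _, account, ip, _, _ in events:
        seen[ip].add(account)
    return sorted(ip for ip, accts in seen.items() if len(accts) >= min_accounts)

if __name__ == "__main__":
    print(flag_rotating_devices(EVENTS), busiest_ips(EVENTS))
```

On this data the per-IP count singles out only the shared CGNAT address used by three unrelated accounts, while the fingerprint-keyed rule isolates the rotating device. Because the farms also spoof fingerprints, a rule like this is one signal to combine with behavioral and transaction anomalies, not a replacement for them.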
Final Thought
ProxySmart’s SIM Farm-as-a-Service model demonstrates how fraud infrastructure has become productized, lowering barriers for cybercriminals to operate at scale. With exposed panels across 17 countries and direct carrier access, these farms pose a persistent challenge to telecoms, financial institutions, and online platforms. The lesson is clear: IP-centric defenses are no longer sufficient — detection must evolve to counter industrialized proxy ecosystems.