A recent investigation has brought to light a massive mobile proxy system, uncovering 87 control panels distributed across 17 countries. Central to this discovery is ProxySmart, a shared control platform that enables a myriad of fraudulent activities worldwide.
Extensive SIM Farm Operations Uncovered
In February 2026, Infrawatch, a firm specializing in infrastructure intelligence, uncovered a large-scale operation dubbed as ‘SIM Farm as a Service.’ This operation relies on numerous smartphones and 4G/5G modems connected directly to carrier networks. The backbone of this operation is ProxySmart, a Belarus-based software platform that facilitates these activities on an international scale.
Investigators identified 87 instances of ProxySmart’s control panel available on the public internet. These are linked to at least 24 commercial proxy providers and 35 cellular carriers around the globe. The operation spans 94 locations, prominently found in North America, Europe, and South America, with a significant number situated in the U.S.
ProxySmart: The Engine of SIM Farms
ProxySmart is marketed as a comprehensive solution for managing SIM farm infrastructure. It provides services such as device management, IP rotation, and customer provisioning, all while countering anti-bot measures. This platform supports both physical smartphones and USB modems, enrolling devices through an unsigned Android APK.
One of the critical features of ProxySmart is its OS fingerprint spoofing capability, allowing operators to bypass detection systems by emulating various operating systems. The platform also supports multiple tunneling protocols, making it an attractive choice for threat actors, especially in countries with stringent censorship like Russia, China, and Iran.
The Global Impact and Response
The ProxySmart-backed farms facilitate a wide array of illicit activities, including bypassing SMS-based OTPs, creating fake accounts, and manipulating social media. These operations also enable circumvention of geo-restrictions and conduct payment fraud by intercepting verification codes.
Recent law enforcement actions have targeted similar infrastructures. For instance, in September 2025, the U.S. Secret Service dismantled a significant SIM farm operation in New York. Meanwhile, in October 2025, a Europol-led initiative in Latvia led to multiple arrests and the seizure of over 1,200 SIM-box devices.
Infrawatch’s findings highlight the ease with which these networks can be established and operated, given the minimal regulatory barriers. The combination of carrier-grade NAT, rapid IP changes, and multi-carrier access poses a formidable challenge to cybersecurity teams globally.
As these operations continue to expand, stakeholders in telecom and cybersecurity sectors must collaborate to enhance detection and prevention measures. Stay informed by following our updates on Google News, LinkedIn, and X.
