- SIM farm deployments across 17 countries linked via shared ProxySmart software
- Remote SIM infrastructure enables bypass of phone-based verification systems globally
- Network connects dozens of telecom carriers across Europe North America and beyond
A previously unreported network of SIM farms linked to a Belarus-based provider has been identified across multiple continents, showing how mobile networks are being used to support fraud operations at scale.
Research published by UK-based cyber firm Infrawatch found a distributed infrastructure that allows remote access to physical SIM hardware connected to telecom networks in multiple regions.
Infrawatch identified 94 SIM farm deployments across 17 countries linked through software operated by a Belarus-based provider called ProxySmart.
Article continues below
Facilitating large-scale fraud
The deployments were supported by 24 commercial providers selling access to SIM connectivity across Europe, North America, and South America.
The network offers connections to 35 cellular carriers, including major UK operators such as Three, O2, EE, and Vodafone. U.S. connectivity was also widely available, with infrastructure distributed across 19 states that allows attackers to appear as legitimate domestic users.
SIM farms consist of racks of SIM cards or mobile devices that can be controlled remotely at scale. These are commonly used to bypass phone-based verification methods, including SMS one-time passwords used during logins or payments.
Their ability to mimic legitimate consumer connections makes it difficult for service providers to distinguish malicious traffic from ordinary mobile activity.
Technical analysis carried out by Infrawatch found that the ProxySmart platform supports automated IP rotation, remote device control, and network fingerprint spoofing. This allows operators to maintain persistent access to telecom infrastructure while cutting the chances of being spotted.
Investigators also found that services selling access to ProxySmart-backed SIM farms are promoted through online forums and messaging platforms.
Many of these services operate without customer identity checks, accept cryptocurrency payments, and are structured to reduce visibility to enforcement systems.
Blocking SIM farm activity is difficult because mobile operators assign a single IP address to multiple customers, making it tricky to separate legitimate users from malicious actors using IP-based filtering methods.
“SIM farms have been largely overlooked as criminal infrastructure to date – in part because the UK is the only country to have outlawed them, making global law enforcement crackdowns difficult,” said Lloyd Davies, Founder and CEO, Infrawatch.
“This investigation highlights a significant resilience gap that leaves organisations and users more exposed to fraud and online harms. The global ecosystem of SIM farm operators and monetisation services is highly sophisticated and acts as a foothold into telecoms networks across Europe, America and South America for bad actors.”
The investigation began with the discovery of a UK-based SIM farm service and expanded into a wider mapping effort that revealed the scale of the ProxySmart ecosystem.
Findings were shared with relevant law enforcement bodies and regulators ahead of publication.
“ProxySmart is openly advertised as a SIM Farm-as-a-Service and, unfortunately, that’s not hype or marketing. These are serious operators who have perfected a model that makes running a SIM farm simple from end-to-end: from offering remote assistance setting up racks of modems to a dedicated software for remote infrastructure management and anti-bot countermeasures,” Davies added.
“The legal grey area that SIM farms sit in has allowed that model to scale with limited disruption and we assess that it’s highly likely to be facilitating large-scale fraud operations today.”
With dozens of deployments already identified across multiple regions, the research shows how remote telecom access infrastructure is being commercialized and reused to support fraud, account abuse, and automated online activity.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
