Recent findings from Infrawatch outline the scale of operations associated with ProxySmart, identified as a participant in the “SIM-Farm-as-a-Service” sector. Based in Belarus, ProxySmart is described as operating within what is reported to be the largest known mobile proxy market globally.
The investigation identified 94 SIM-farm sites using ProxySmart’s software across 17 countries, supported by 24 proxy providers across North America, Europe, and South America. These SIM farms are reported to use connectivity across 35 mobile carriers, including Three, O2, EE, and Vodafone.
SIM farms typically consist of banks of SIM cards or 4G/5G devices managed remotely. They are described as being used to bypass phone-based verification systems and access services using domestic mobile numbers. Reported use cases include:
- Bypassing SMS-based one-time password verification
- Accessing or taking over banking, social media, and other online accounts
- Enabling payment-related fraud through interception of verification codes
- Supporting large-scale bot activity and fake account creation
Technical analysis cited in the report indicates capabilities such as automated IP rotation, remote device management, and network fingerprint spoofing.
Infrawatch reports that ProxySmart-related services are structured to operate with reduced detection, including bypassing KYC checks and accepting cryptocurrency payments. These services are also reported to be promoted on dark web forums.
The report also notes a structural limitation in detection approaches, stating that mobile network operators often assign a single IP address across multiple connections, making IP-based separation of traffic difficult. SIM farms are described as being managed directly by operators, rather than relying on compromised consumer devices.
The analysis identifies 24 commercial providers offering access to ProxySmart-linked SIM farms, with some targeting specific regions or use cases. For example, one Russia-based service is reported to provide access to US-based SIM farms, while other services focus on account creation and automated social media activity.
An initial reference to a UK-based service contributed to a wider investigation into the ProxySmart network. Infrawatch suggests that organisations consider an internet infrastructure intelligence approach using real-time scanning to identify and manage traffic associated with SIM-farm-related proxy networks.
