Posted in

SIM Farm-as-a-Service Network Exposes Global Fraud Ecosystem

by Rakesh0

A massive SIM farm-as-a-service network has been uncovered, revealing a sophisticated global ecosystem enabling fraud, bot operations, and identity evasion at scale.

Security researchers identified 87 exposed control panels across 17 countries, all powered by a centralized platform called ProxySmart. Behind these panels lies a sprawling infrastructure of real smartphones and 4G/5G modems, forming a commercialized system for mobile proxy abuse.

This discovery signals a major shift in cybercrime:

From isolated fraud operations → to fully productized infrastructure-as-a-service

In this article, you’ll learn:

  • What SIM farm-as-a-service is
  • How ProxySmart powers global fraud operations
  • Why mobile proxies are difficult to detect
  • Real-world abuse scenarios
  • Risks to enterprises and platforms
  • Mitigation strategies

What Is a SIM Farm-as-a-Service Network?

A SIM farm is a setup where multiple SIM cards and mobile devices are used to generate large volumes of mobile traffic.

SIM Farm-as-a-Service (SFaaS) takes this further:

  • Provides remote access to mobile IPs
  • Automates device and SIM management
  • Offers proxy services commercially

Key Components

  • Physical smartphones or USB modems
  • SIM cards connected to telecom carriers
  • Centralized control platform (ProxySmart)
  • API access for customers

ProxySmart: The Core Control Platform

At the center of this ecosystem is ProxySmart, a Belarus-linked platform acting as the control plane.

What ProxySmart Enables

  • Device orchestration
  • IP rotation automation
  • Customer provisioning
  • Traffic routing
  • Anti-detection features

Scale of Exposure

Researchers identified:

  • 87 exposed control panels
  • 94+ physical SIM farm locations
  • 24 proxy providers involved
  • 35 telecom carriers leveraged

How the Infrastructure Works

Operational Flow

SIM Devices → ProxySmart Control Panel → IP Rotation → Customer Access → Fraud Activity

Physical Layer

  • Racks of smartphones
  • 4G/5G USB modems
  • Direct carrier network connections

Software Layer

  • Android APK for device enrollment
  • ProxySmart dashboard for control
  • Multi-protocol proxy support

Why Mobile Proxies Are So Powerful

1. Carrier-Grade NAT (CGNAT)

  • Multiple users share a single IP
  • Makes IP blocking ineffective

2. Rapid IP Rotation

  • Toggle airplane mode
  • Get a new IP instantly

3. Real Mobile Network Traffic

  • Appears as legitimate user activity
  • Harder to distinguish from normal behavior

4. Multi-Carrier Access

Supported networks include:

  • AT&T, Verizon, T-Mobile
  • Vodafone, O2, Deutsche Telekom
  • Telstra, Rogers, and more

Advanced Evasion Techniques

OS Fingerprint Spoofing

ProxySmart allows simulation of:

  • macOS
  • iOS
  • Windows
  • Android

👉 This bypasses fingerprint-based detection systems.

Protocol Flexibility

Supports:

  • SOCKS5
  • HTTP proxies
  • OpenVPN
  • VLESS (popular for censorship bypass)

Real-World Abuse Scenarios

SIM farm networks enable a wide range of cybercriminal activities:

1. OTP Bypass Attacks

  • Intercept SMS verification codes
  • Enable account takeover

2. Fake Account Creation

  • Mass social media account generation
  • Bot-driven engagement

3. Payment Fraud

  • Intercept financial verification messages
  • Execute fraudulent transactions

4. Geo-Restriction Bypass

  • Access region-locked services
  • Circumvent censorship controls

5. AI Platform Abuse

  • Access geo-restricted AI tools
  • Evade usage restrictions

Global Footprint: 17 Countries Affected

The infrastructure spans:

  • United States
  • United Kingdom
  • Germany, France, Spain
  • Canada, Brazil
  • Australia
  • Eastern Europe and beyond

U.S. as a Major Hub

  • Highest concentration of deployments
  • Spread across 19 states
  • Located in major metro areas

Low Barrier to Entry for Cybercriminals

One of the most alarming findings:

Minimal KYC Enforcement

Many providers:

  • Require little to no identity verification
  • Accept anonymous payments
  • Market directly to high-risk regions

Result:

👉 Anyone can access global mobile proxy infrastructure

Law Enforcement Crackdowns

Recent actions highlight the scale of the problem:

United States (2025)

  • 300+ SIM servers seized
  • 100,000 SIM cards recovered
  • Potential impact on NYC cellular network

Europe (Latvia, 2025)

  • 1,200 SIM-box devices seized
  • 40,000 active SIM cards
  • Multiple arrests

Cybersecurity Risk Analysis

1. Fraud at Scale

  • Industrialized account abuse
  • Automated attack infrastructure

2. Detection Challenges

Traditional defenses fail due to:

  • IP rotation
  • Real mobile traffic
  • Fingerprint spoofing

3. Platform Integrity Threat

Impacts:

  • Social media platforms
  • Financial services
  • E-commerce systems
  • Telecom providers

Common Misconceptions

❌ “IP blocking is enough”

Mobile proxies render IP-based controls ineffective.

❌ “Bots are easy to detect”

These systems mimic real users at scale.

❌ “Fraud is isolated”

This is now a global, service-based ecosystem.

Mitigation Strategies

1. Move Beyond IP-Based Detection

Adopt:

  • Behavioral analytics
  • Device reputation scoring
  • Risk-based authentication

2. Strengthen Identity Verification

3. Detect Anomalous Patterns

Monitor:

  • Rapid IP switching
  • Unusual login patterns
  • Device inconsistencies

4. Telecom-Level Controls

  • SIM usage monitoring
  • Carrier collaboration
  • Fraud signal sharing

5. Zero Trust Approach

  • Continuous verification
  • Least privilege access
  • Real-time risk assessment

Expert Insight: The Rise of Fraud Infrastructure-as-a-Service

This discovery marks a critical shift:

Cybercrime is no longer just attacks—it’s infrastructure sold as a service

SIM farms are now:

  • Scalable
  • Affordable
  • Globally accessible

FAQs

What is a SIM farm?

A system using multiple SIM cards and devices to generate mobile network traffic.

What is ProxySmart?

A platform that manages SIM farms and enables mobile proxy services.

Why are mobile proxies hard to detect?

They use real carrier networks and shared IP addresses.

What crimes do SIM farms enable?

Fraud, botting, account takeover, and geo-restriction bypass.

How many systems were exposed?

87 control panels across 17 countries.

How can organizations defend against this?

By using behavioral detection and stronger identity verification.

Conclusion: A New Era of Scalable Fraud

The SIM farm-as-a-service ecosystem powered by ProxySmart represents a major evolution in cybercrime.

Key Takeaways:

  • Fraud infrastructure is now commercialized
  • Mobile proxies bypass traditional defenses
  • Detection requires behavioral intelligence
  • Global collaboration is essential

Organizations must rethink their defenses to address large-scale, infrastructure-driven threats.

Subscribe

Leave a Reply

Your email address will not be published. Required fields are marked *