Global SIM Farm Syndicate: Inside the ProxySmart Empire Powering a New Era of Digital Fraud
Subtitle: Investigators have traced a sprawling network of SIM farms-powered by Belarus-based ProxySmart-fueling cybercrime across 17 countries and dozens of mobile carriers.
When a single software platform can unlock tens of thousands of fresh mobile identities at the tap of a button, the digital world’s defenses begin to crumble. This is the reality researchers have uncovered in the form of ProxySmart-an industrial-scale SIM Farm-as-a-Service operation connecting cybercriminals, fraudsters, and even censorship evaders across continents. Welcome to the new frontier of digital deception, where phone numbers and IP addresses are as disposable as burner phones, and the line between legitimate and illicit blurs with each click.
The heart of this operation is ProxySmart, a commercial software stack sold out of Belarus. Unlike traditional proxy and VPN services, ProxySmart lets operators control entire phone farms-physical racks containing dozens or hundreds of phones and USB modems, each loaded with SIM cards from various carriers. These devices are managed through self-hosted web panels, often obscured behind cloud-based reverse proxies to hide their true location.
What makes ProxySmart so dangerous? Its ease of use and technical sophistication. By toggling airplane mode or using advanced tunneling protocols (like VLESS and SOCKS5), operators can rapidly change IP addresses and spoof their devices’ operating systems, making detection by anti-fraud systems extremely difficult. The platform even mimics the network signatures of various devices-Android, iOS, Windows, and macOS-fooling fingerprint-based security controls.
The scale is staggering: Infrawatch researchers mapped at least 87 ProxySmart control panels and 94 farm sites spanning North America, Europe, and South America-with a heavy U.S. presence in 19 states. Farms tap into dozens of carriers, mixing SIM cards to maximize their reach and minimize the risk of being blocked at the network level.
Downstream, the consequences are severe. These farms are behind waves of SMS one-time password (OTP) interception, fake account creation, and payment fraud. Many services explicitly advertise “no KYC” (Know Your Customer) requirements, making it easy for bad actors to remain anonymous. Russian-speaking audiences are a key market, often seeking to bypass Western platform blocks or state censorship.
Law enforcement is playing catch-up. Recent operations in New York and Latvia have dismantled large SIM-box networks, but ProxySmart’s global, decentralized approach lowers the barrier for anyone to launch or resell mobile proxy infrastructure at scale. Traditional IP-blocking measures are rendered nearly useless; only advanced behavioral and infrastructure intelligence can hope to stem the tide.
As the digital arms race escalates, ProxySmart’s rise signals a new era where mobile identities are weaponized at industrial scale. For defenders, the message is clear: adapt, or risk being overrun by a shadow network hiding in plain sight.
WIKICROOK
- SIM farm: A SIM Farm uses many SIM cards and devices to send huge volumes of automated scam or spam messages, often for cybercrime or fraud.
- ProxySmart: ProxySmart is a software platform that automates and manages SIM farms, often used in proxy and fraud operations to control many mobile proxies remotely.
- Carrier: A carrier is a telecom provider offering wireless network services to mobile devices, essential for secure communication and data transfer in cybersecurity.
- IP rotation: IP rotation is the regular changing of proxy IP addresses to evade detection, blocking, and rate limits when accessing websites or online services.
- OS fingerprint spoofing: OS fingerprint spoofing disguises a device’s operating system to evade detection, bypass security controls, or mislead network security tools.




