- SIM farm deployments in 17 countries linked via shared ProxySmart software
- Remote SIM infrastructure bypasses phone verification systems globally
- The network connects dozens of telecommunications operators across Europe, North America and beyond
A never-before-seen network of SIM farms linked to a Belarus-based provider has been identified across multiple continents, showing how mobile networks are being used to support large-scale fraudulent operations.
Research published by UK-based cyber company Infraveille found a distributed infrastructure that allows remote access to physical SIM hardware connected to telecommunications networks in multiple regions.
Infraveille identified 94 SIM farm deployments in 17 countries linked via software operated by a Belarus-based provider called ProxySmart.
Article continues below
Facilitating large-scale fraud
The deployments were supported by 24 commercial providers selling access to SIM connectivity in Europe, North America and South America.
The network offers connections to 35 mobile operators, including major UK operators such as Three, O2, EE and Vodafone. Connectivity in the United States was also widely available, with infrastructure spread across 19 states that allowed attackers to appear as legitimate domestic users.
SIM farms consist of racks of SIM cards or mobile devices that can be controlled remotely on a large scale. These are commonly used to bypass phone verification methods, including SMS one-time passwords used during logins or payments.
Their ability to mimic legitimate consumer connections makes it difficult for service providers to distinguish malicious traffic from ordinary mobile activity.
Technical analysis carried out by Infraveille discovered that the ProxySmart platform supports automated IP address rotation, remote device control, and network fingerprinting. This allows operators to maintain persistent access to telecommunications infrastructure while reducing the chances of being detected.
Investigators also found that services selling access to ProxySmart-backed SIM farms are promoted through online forums and messaging platforms.
Many of these services operate without customer identity verification, accept cryptocurrency payments, and are structured to reduce the visibility of control systems.
Blocking SIM farm activity is difficult because mobile operators assign a single IP address to multiple customers, making it difficult to separate legitimate users from malicious actors using IP-based filtering methods.
“Until now, SIM farms have been largely overlooked as criminal infrastructure – in part because the UK is the only country to have banned them, making it difficult for law enforcement to crack down globally,” said Lloyd Davies, founder and CEO of Infraveille.
“This investigation highlights a significant resilience gap that exposes organizations and users to online fraud and harm. The global ecosystem of SIM farm operators and monetization services is highly sophisticated and serves as an anchor on telecommunications networks in Europe, America and South America for bad actors.”
The investigation began with the discovery of a UK-based SIM farm service and expanded into a broader mapping effort that revealed the scale of the ProxySmart ecosystem.
The results were shared with relevant law enforcement agencies and regulators before publication.
“ProxySmart is openly advertised as a SIM farm as a service and, unfortunately, this is not hype or marketing. These are serious operators who have perfected a model that simplifies running a SIM farm end-to-end: from remote assistance for setting up modem racks to dedicated software for remote infrastructure management and anti-bot countermeasures,” Davies added.
“The legal gray area that SIM farms find themselves in has allowed this model to evolve with limited disruption and we believe it is very likely that it is now facilitating large-scale fraud operations.”
With dozens of deployments already identified across multiple regions, the study shows how remote telecommunications access infrastructure is being commercialized and repurposed to support fraud, account abuse and automated online activity.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
