- SIM farm deployments in 17 countries linked through shared ProxySmart software
- Remote SIM infrastructure makes it possible to bypass phone-based verification systems globally
- The network connects dozens of telecommunications operators throughout Europe, North America and beyond.
A previously unreported network of SIM farms linked to a Belarus-based provider has been identified across multiple continents, showing how mobile networks are being used to support fraud operations at scale.
Research published by UK-based cyber company Undersurveillance found a distributed infrastructure that allows remote access to physical SIM hardware connected to telecom networks in multiple regions.
Undersurveillance identified 94 SIM farm deployments in 17 countries connected through software operated by a Belarus-based provider called ProxySmart.
Article continues below.
Facilitate large-scale fraud
The deployments were supported by 24 commercial providers selling access to SIM connectivity in Europe, North America and South America.
The network offers connections to 35 mobile operators, including major UK operators such as Three, O2, EE and Vodafone. US connectivity was also widely available, with infrastructure spread across 19 states allowing attackers to appear as legitimate domestic users.
SIM farms consist of racks of SIM cards or mobile devices that can be controlled remotely at scale. They are commonly used to bypass phone verification methods, including SMS one-time passwords used during logins or payments.
Its ability to mimic legitimate consumer connections makes it difficult for service providers to distinguish malicious traffic from ordinary mobile activity.
Technical analysis performed by Undersurveillance discovered that the ProxySmart platform supports automated IP rotation, remote device control, and network fingerprinting. This allows operators to maintain persistent access to telecommunications infrastructure while reducing the chances of being detected.
Researchers also found that services selling access to ProxySmart-backed SIM farms are promoted through online forums and messaging platforms.
Many of these services operate without customer identity checks, accept cryptocurrency payments, and are structured to reduce visibility to law enforcement systems.
Blocking SIM farm activity is difficult because mobile operators assign a single IP address to multiple clients, making it difficult to separate legitimate users from malicious actors using IP-based filtering methods.
“To date, SIM farms have been largely overlooked as criminal infrastructure, partly because the UK is the only country to have banned them, making global law enforcement crackdowns difficult,” said Lloyd Davies, founder and CEO. Undersurveillance.
“This research highlights a significant resilience gap that leaves organizations and users more exposed to online fraud and harm. The global ecosystem of SIM farm operators and monetization services is highly sophisticated and acts as a foothold for bad actors in telecommunications networks in Europe, the Americas and South America.”
The investigation began with the discovery of a UK-based SIM farm service and expanded into a broader mapping effort that revealed the scale of the ProxySmart ecosystem.
The findings were shared with relevant law enforcement agencies and regulators before publication.
“ProxySmart openly advertises itself as a SIM farm as a service and, unfortunately, that’s not hype or marketing. These are serious operators who have perfected a model that simplifies the operation of an end-to-end SIM farm: from offering remote assistance for setting up modem racks to dedicated software for remote infrastructure management and anti-bot countermeasures,” Davies added.
“The legal gray area that SIM farms are in has allowed that model to grow with limited disruption and we assess that it is very likely to facilitate large-scale fraud operations today.”
With dozens of deployments already identified across multiple regions, the research shows how telecommunications remote access infrastructure is being commercialized and repurposed to support fraud, account abuse, and automated online activity.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
