Mobile proxy abuse has become the Swiss Army knife of cybercrime. However, ProxySmart just turned it into an industrial assembly line. This Belarus-based software platform now powers at least 87 exposed SIM farm operations across 17 countries, creating a shared control plane that makes large-scale mobile proxy fraud as easy as ordering takeout. Your enterprise’s bot detection systems are facing an opponent that’s gone from garage startup to Fortune 500 scale overnight.
SIM Farms Go SaaS
ProxySmart eliminates technical barriers for wannabe cybercriminals seeking mobile proxy capabilities.
Think of ProxySmart as a turnkey stack that handles the messy technical details so operators can focus on making money. The platform manages everything from device control (phones via unsigned Android APKs, modems through ModemManager) to IP rotation using airplane mode toggles and hardware resets.
“A large percentage of this ecosystem is managed by ProxySmart, effectively enabling ‘SIM Farm as a Service,’” according to Infrawatch, the research firm that uncovered this operation in February 2026. The software supports multiple protocols including:
- OpenVPN
- SOCKS5
- VLESS
- HTTP tunneling
SIM Farms Built on Consumer Gear
Alcatel modems and unlimited carrier plans become weapons against corporate security systems.
The beauty—if you can call it that—lies in the mundane hardware choices. These farms rely on consumer gear like Alcatel IK4 modems connected to unlimited plans from AT&T, Verizon, T-Mobile, and major European carriers. External antennas boost signal strength while carrier-grade NAT enables rapid IP rotation that makes your fraud detection algorithms dizzy.
One U.S. operation in New York was geolocated through EXIF metadata, revealing racks of phones that would look perfectly normal in any electronics store. The investigation identified 94 physical farm locations spanning North America, Europe, and South America.
Enterprise Impact Beyond Bot Traffic
SIM farms undermine A2P messaging revenue while enabling sophisticated social engineering attacks.
Your organization faces threats beyond simple bot traffic. These operations support:
- Large-scale account creation
- Social media manipulation
- Geo-restriction bypassing that makes content moderation nearly impossible
Telecom carriers lose A2P messaging revenue while dealing with network congestion from farms that treat unlimited plans like all-you-can-eat buffets.
The downstream proxy providers market these services with minimal KYC requirements, often targeting Russian-speaking audiences seeking censorship circumvention tools. Twenty-four commercial proxy providers now link to this ProxySmart ecosystem across 35 different carriers.
Enforcement Races Technology
Recent takedowns reveal the massive scale but also highlight detection challenges ahead.
Law enforcement is finally catching up, with the U.S. Secret Service dismantling a New York operation running 300+ servers and 100,000 SIMs last September. Europol seized 1,200 SIM-boxes and 40,000 SIMs in Latvia that October.
But ProxySmart’s latest features—including OS fingerprint spoofing that mimics macOS and Windows devices—suggest the arms race is just beginning. Your security teams need to prepare for mobile proxies that don’t just rotate IPs but completely change their digital fingerprints.
UPDATE: April 28, 03:00 PM ET
Alex Zak, Technical Consultant & Director of Public Relations at ProxySmart, reached out to us with the following comment:
“ProxySmart is a data-path proxy management platform. It has no
SMS-origination, no voice-call primitives, no USSD handling, no SIM-box
interconnect. These are precisely the capabilities that defined the
SIM-box infrastructure dismantled by the Secret Service (NY, Sept 2025)
and Europol (Latvia, Oct 2025) — both referenced in the original
Infrawatch context. ProxySmart doesn’t have those capabilities.
The Infrawatch report itself acknowledges this is a grey-area situation,
with Catalin Cimpanu (Risky Business, April 24) noting that “some of
these clients are legitimate companies with real corporate identities.”
Other publications covering the same report have updated to include
vendor perspective:”
Their full technical response:
https://proxysmart.org/a-response-to-recent-third-party-research/
The title of this article was changed to better reflect this information and provide perspective.
