Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Top 10 Next-Generation Firewall Solutions for 2026
July 6, 2026
Microsoft Device Code Phishing Attack Steals Tokens via Login Page
July 6, 2026
Critical Gemini Live Voice flaw lets attackers inject tools via misconfigured tokens
July 6, 2026
Home/CyberSecurity News/SIM Farm-as-a-Service Network Exposes 87 Control Panels Globally
CyberSecurity News

SIM Farm-as-a-Service Network Exposes 87 Control Panels Globally

Key Takeaways An extensive “SIM Farm-as-a-Service” network, powered by the ProxySmart platform, has been uncovered operating globally. The investigation revealed 87 exposed ProxySmart...

Emy Elsamnoudy
Emy Elsamnoudy
April 22, 2026 4 Min Read
49 0

Key Takeaways

  • An extensive “SIM Farm-as-a-Service” network, powered by the ProxySmart platform, has been uncovered operating globally.
  • The investigation revealed 87 exposed ProxySmart control panels across 17 countries, managing at least 94 physical phone-farm locations.
  • This infrastructure facilitates large-scale fraud, bot activity, and identity evasion by enabling rapid IP rotation and OS fingerprint spoofing.
  • Law enforcement has previously taken action against similar SIM farm operations, highlighting the significant threat these networks pose.

A comprehensive global investigation has exposed a vast, industrial-scale mobile proxy ecosystem built upon a shared control platform known as ProxySmart. This illicit network features 87 publicly exposed control panels spanning 17 countries and at least 94 distinct physical phone-farm locations. Operating on a commercial scale, this infrastructure is designed to facilitate widespread fraud, automated bot activity, and identity obfuscation.

Table Of Content

  • Key Takeaways
  • SIM Farm-as-a-Service Network Capabilities
  • Illicit Activities Enabled by SIM Farms
  • What You Should Do

The discovery originated in February 2026 when infrastructure intelligence firm Infrawatch initiated an investigation into offerings described as “SIM Farm as a Service.” This research successfully identified the tangible backbone supporting these services: physical racks populated with real smartphones and 4G/5G modems, hardwired into various carrier networks.

Infrawatch’s findings pinpointed a single software platform, ProxySmart, developed in Belarus, as the common control plane orchestrating the majority of the identified SIM farms. The firm located 87 exposed instances of the ProxySmart control panel accessible via the public internet, which are linked to at least 24 commercial proxy providers and 35 cellular carriers worldwide.

The geographical footprint of these operations encompasses at least 94 physical farm locations across North America, Europe, and South America. The United States exhibits a significant concentration, with deployments identified in 19 states, ranging from California and Texas to Maine and Delaware.

SIM Farm-as-a-Service Network Capabilities

ProxySmart is marketed as a complete, end-to-end solution for establishing and monetizing physical SIM farm infrastructure. The platform, sold on a per-SIM pricing model, manages crucial operational aspects including device control, automated IP address rotation, customer account provisioning, enforcement of service plans, and anti-bot countermeasures, effectively delivering a fully productized SIM Farm-as-a-Service.

The platform supports both physical smartphones and USB 4G/5G modems. For phone-based farms, devices are enrolled using an unsigned Android APK. A critical feature of ProxySmart is its ability to spoof OS fingerprints, allowing farm operators to imitate TCP/IP stack signatures of macOS, iOS, Windows, or Android. This capability significantly undermines fingerprint-based detection mechanisms employed by anti-fraud systems.

ProxySmart also integrates support for various tunneling protocols, including OpenVPN, SOCKS5, VLESS, and standard HTTP proxies. Notably, VLESS is frequently utilized for censorship circumvention in regions such as Russia, China, and Iran.

Mobile proxies hold particular appeal for threat actors due to their operation behind carrier-grade NAT (CGNAT). This architecture means that a single public IP address can be legitimately shared by numerous users, rendering traditional IP-based blocking largely ineffective. This, combined with the ability to rapidly rotate IP addresses—often by simply toggling airplane mode for three seconds to force a carrier reassignment—allows these farms to cycle through addresses at will, complicating both detection and enforcement efforts.

The carrier access advertised through ProxySmart-backed farms includes major global networks such as AT&T, Verizon, T-Mobile, Vodafone, EE, O2, Deutsche Telekom, Telstra, Rogers, and over 30 other providers across the U.S., Europe, Australia, and Latin America.

Illicit Activities Enabled by SIM Farms

SIM farms facilitate a wide array of illicit activities on an industrial scale, including:

  • Bypassing SMS-based One-Time Passwords (OTPs) for account takeover and various forms of fraud.
  • Creating fake accounts and engaging in social media manipulation campaigns.
  • Performing botting and automated engagement on major online platforms.
  • Circumventing geo-restrictions, including bypassing Russian state censorship.
  • Executing payment fraud by intercepting financial verification codes.

Several providers leveraging ProxySmart infrastructure were observed directly targeting Russian-speaking audiences, offering access to U.S.-located mobile connectivity and geo-restricted platforms, such as advanced AI models. Meaningful Know Your Customer (KYC) verification was largely absent among the reviewed providers, with some explicitly advertising zero KYC requirements, thereby making global carrier access readily available to anyone with a payment method.

The Infrawatch findings align with a series of significant law enforcement operations targeting SIM farm infrastructure. In September 2025, the U.S. Secret Service dismantled a major telecommunications threat in New York. This operation involved over 300 co-located SIM servers and 100,000 SIM cards, a scale so immense that officials cautioned it could have disrupted the entire cellular network in New York City.

Subsequently, in October 2025, a Europol-supported operation in Latvia targeted a cybercrime-as-a-service network that relied on SIM-box infrastructure. This resulted in seven arrests and the seizure of 1,200 SIM-box devices and 40,000 active SIM cards.

The 17 countries identified in Infrawatch’s investigation include the United States, Canada, the United Kingdom, Germany, Spain, Portugal, Ukraine, Latvia, France, Romania, Brazil, Ireland, the Netherlands, Australia, Italy, Poland, and Georgia. The U.S. exhibits the highest concentration of these deployments, primarily located in major metropolitan areas with robust 4G/5G coverage. In one instance within the U.S., an operator inadvertently exposed EXIF metadata in published farm images, enabling Infrawatch to precisely geolocate the operation to New York.

Infrawatch concludes that this ecosystem significantly lowers the technical and operational barriers to establishing mobile proxy infrastructure, with ProxySmart imposing minimal gatekeeping on who can operate the platform. The combined capabilities of carrier-grade NAT, rapid IP rotation, multi-carrier availability, and OS fingerprint spoofing collectively diminish the effectiveness of IP-centric detection controls, presenting a persistent and scalable challenge for platform integrity, fraud prevention, and telecommunications security teams worldwide.

What You Should Do

  • Telecommunications providers should enhance monitoring for unusual traffic patterns and rapid IP rotation originating from their networks.
  • Organizations reliant on IP-based fraud detection should implement more sophisticated behavioral analytics and device fingerprinting techniques that go beyond IP addresses.
  • Security teams should educate users about the risks of SIM-swap fraud and encourage the use of strong multi-factor authentication (MFA) methods that are not reliant on SMS.
  • Law enforcement agencies should continue cross-border collaboration to dismantle these global SIM farm operations and prosecute their operators.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

SecurityThreat

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

Critical Namastex npm Package Flaw Delivers CanisterWorm Malware

Next Post

DinDoor Backdoor Abuses Deno Runtime and MSI Installers for Evasion

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
OpenSSH 9.7 Fixes Critical Vulnerabilities, Adds New Features
July 6, 2026
Critical Microsoft Edge Bug (CVE-2024-XXXX) Lets Attackers Run Code Remotely
July 6, 2026
Windows 11 24H2, 25H2 Bug Triggers Black Screens, Start Menu Failure
July 6, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us