RESEARCH SIM Farms as a Service: A Massive Shared Control Plane Operation Spanning 87 Farms We identify 87 physical SIM farms across 17 countries, link downstream proxy providers, and describe the technical capabilities that enable large-scale fraud and abusive automation. 10 mins read Apr 21, 2026 Executive Summary In February 2026, Infrawatch investigated several self-proclaimed “SIM Farm as a Service” offerings, identifying the underlying physical infrastructure: racks of real phones and 4G/5G modems connected to carrier networks. Infrawatch identified 87 exposed instances of the ProxySmart control panel across 17 countries, linked to at least 24 commercial proxy providers and 35 cellular providers. The observed footprint includes at least 94 physical phone-farm locations across North America, Europe, and South America, including a distributed presence across 19 U.S. states. SIM farms enable a range of illicit and abusive activity at industrial scale and are supported by a broader downstream ecosystem of software, infrastructure, and commercial evasion services. In September 2025, the U.S. Secret Service dismantled a telecommunications threat in New York involving more than 300 co-located SIM servers and 100,000 SIM cards. In October 2025, a Europol-supported operation in Latvia targeted a cybercrime-as-a-service network that relied on SIM-box infrastructure, leading to seven arrests and the seizure of 1,200 SIM-box devices and 40,000 active SIM cards. Infrawatch assesses that a large portion of the mobile proxy ecosystem is enabled by a shared SIM Farm as a Service control plane called ProxySmart. Some ProxySmart-powered providers market directly to Russian-speaking audiences as a means of obtaining U.S.-located mobile connectivity and accessing geo-restricted platforms. Across providers reviewed, meaningful KYC was uncommon, and some explicitly advertised that no KYC was required, making mobile carriers across the world broadly accessible to any buyer. ProxySmart is publicly associated with a Belarus-based vendor footprint and offers an end-to-end stack for operating and monetising a physical farm, including device management, automated IP rotation, customer provisioning, plan enforcement, and anti-bot countermeasures. Technical analysis indicates operator capabilities consistent with large-scale evasion enablement, including automated IP rotation, remote device control, and network fingerprint spoofing. How ProxySmart Works ProxySmart appears to function as OEM software used by multiple SIM farm operators. The platform explicitly positions itself as the stack for operators seeking to run a “Professional 4G/5G Mobile Proxy Farm,” and is supported by extensive installation, deployment, and operational documentation. Figure 1 - Example of SIM Farm Deployment ProxySmart is sold to farm operators on a SIM-count pricing model and provides an end-to-end stack for operating and monetising mobile proxy infrastructure. Its functionality spans farm management, device control, customer provisioning, retail proxy sales, and payment handling. In effect, it offers a fully fledged SIM farm as a Service platform. The platform is marketed as a turnkey solution rather than a tool intended only for highly technical operators. Its public-facing materials advertise a web interface, API, remote access, documentation, and support, presenting SIM farm deployment as a productised commercial setup rather than a specialist engineering effort. This likely lowers the technical barrier to establishing and operating mobile proxy infrastructure. Mobile proxies are attractive to users because they typically sit behind carrier-grade NAT, meaning a single IP address may be shared by multiple clients at the same time. This makes IP-based blocking less effective and also enables rapid IP rotation, since addresses can often be changed simply by forcing a reconnection to the carrier network. The Farms Infrawatch identified 87 distinct instances of the ProxySmart control panel across 17 countries, linked to at least 24 commercial proxy providers. These providers rely on phone- or modem-based farms, hosted either directly by the provider or by third parties. Taken together, these deployments underpin a global phone-farm network spanning at least 94 locations across North America, Europe, and South America. Figure 2 - SIM cards installed in 4G dongles within a ProxySmart deployment Separately, Infrawatch identified the location of a U.S.-based operator who openly promoted a phone farm online while inadvertently exposing EXIF metadata in published images. That operator was assessed to be based in New York. Within a single farm, more established operators often distribute SIM cards across multiple carrier networks in order to increase the value of their infrastructure to downstream proxy providers. This expands the available IP address pools, improving the likelihood of bypassing IP-based restrictions. The SIM cards are typically acquired on unl...