A recent investigation has revealed a massive mobile proxy network known as ProxySmart, which spans 17 countries and involves 87 exposed control panels and at least 94 physical phone-farm locations. This network is used for large-scale fraud, bot activity, and identity evasion, posing significant challenges to security professionals worldwide. The investigation was conducted by Infrawatch, an infrastructure intelligence firm, which identified the physical backbone of these operations as racks of smartphones and 4G/5G modems connected to carrier networks.

ProxySmart serves as the central control platform for these operations, enabling the management and monetization of SIM farm infrastructure. The platform is marketed as a turnkey solution, offering device management, IP rotation, customer provisioning, and anti-bot measures. It supports both physical smartphones and USB modems, with features such as OS fingerprint spoofing to evade detection by anti-fraud systems. The platform also supports various tunneling protocols, making it attractive to threat actors who seek to bypass IP-based blocking and censorship.

The network's global footprint includes major carriers like AT&T, Verizon, T-Mobile, Vodafone, and others, allowing for widespread access to mobile connectivity. This architecture enables a range of illicit activities, including SMS-based OTP bypass, fake account creation, and payment fraud. The ProxySmart-backed providers often market to Russian-speaking audiences, offering access to U.S. mobile connectivity and geo-restricted platforms with minimal Know Your Customer (KYC) verification.

Recent law enforcement actions have targeted similar SIM farm infrastructures, highlighting the ongoing threat posed by these networks. In 2025, operations in New York and Latvia led to significant seizures and arrests, underscoring the scale and impact of these activities. The U.S. has the highest concentration of ProxySmart deployments, particularly in areas with strong 4G/5G coverage, making it a focal point for these operations.

Security teams should be aware of the challenges posed by ProxySmart and similar networks, which lower the barriers to operating mobile proxy infrastructure. Enhanced detection and prevention measures, focusing on IP-centric controls and carrier-grade NAT, are essential to combat this persistent threat. Organizations must remain vigilant and adapt their strategies to address the evolving tactics used by threat actors in this domain.

Source: https://infrawatch.com/blog/inside-the-mobile-farm-the-oem-stack-powering-us-4g-5g-proxy-networks