Unveiling Cybercrime: The Role of ProxySmart in SIM Farm Operations
In the realm of cybersecurity, recent investigations have highlighted the alarming presence of a Belarus-based software platform called ProxySmart, which is reportedly aiding SIM farm operators in facilitating cybercrime on an unprecedented scale. This revelation comes from a detailed report published by Infrawatch on April 21, which outlines the extensive reach and capabilities of ProxySmart, revealing its integration into the operations of SIM farms across multiple countries.
The investigation identified a staggering 87 instances of ProxySmart control panels operating in 17 different countries, along with 94 verified phone farm locations. Notably, these SIM farms have been located across 19 states in the United States, as well as in various nations in Europe and South America. This expansive footprint underscores the growing concern regarding the use of SIM farms in various cybercriminal activities.
The report elucidated that ProxySmart is directly linked to a Belarusian vendor and provides a comprehensive end-to-end solution for the management and monetization of physical mobile farms. It encompasses several critical functionalities, including device management, automated IP rotation, customer provisioning, plan enforcement, and anti-bot countermeasures. Infrawatch’s technical analysis elucidated that the platform enables capabilities aligned with large-scale evasion tactics, one of which includes the automation of IP rotations and the ability to conduct remote device control and network fingerprint spoofing.
SIM farms serve as a critical nexus for a multitude of cybercrime activities. These operations can facilitate smishing (a form of phishing conducted via SMS), premium-rate number fraud, bot sign-ups, as well as the interception of one-time passwords. Furthermore, the platform’s capabilities can extend to being utilized by nation-states, as evidenced by the use of such technologies by Russian authorities to disseminate disinformation, particularly in the ongoing conflict in Ukraine.
Infrawatch’s report conveyed that ProxySmart represents a significant portion of this ecosystem, effectively transforming it into what they described as a "SIM Farm as a Service." Notably, the platform is promoted as a user-friendly solution, lessening the technical barriers typically associated with establishing and operating such sophisticated mobile proxy infrastructures. This has substantial implications, allowing users without extensive technical know-how to engage in potentially nefarious activities.
The operational framework of ProxySmart is structured around a pricing model that scales with the number of SIMs used, catering directly to SIM farm operators. The platform provides an all-encompassing toolkit for managing and monetizing mobile proxy infrastructures, encompassing features for farm management, device oversight, customer provisioning, retail proxy sales, and payment processing. It is accessible through a web-based control panel, which operators typically host themselves. To obscure their operational locations, they often deploy a reverse proxy in front of this panel.
ProxySmart boasts the capability to support both physical smartphones and USB 4G/5G modems. The former is introduced to the network through an unsigned Android APK downloaded from the operator’s own website, while the latter is managed by the open-source ModemManager. According to the report, the ProxySmart infrastructure is heavily obfuscated, making the underlying Python code difficult to analyze.
One of the critical operations enabled by ProxySmart involves automated IP rotation for phones, accomplished by controlling airplane mode to force a reconnection to the cellular network. This tactic facilitates the reassignment of egress IPs, thus complicating tracking efforts by authorities. The software supports a range of tunneling protocols, including OpenVPN, SOCKS5, VLESS, and HTTP proxies, along with an OS spoofing feature that allows farm operators to simulate different operating systems through the web panel.
Infrawatch concluded that this ecosystem significantly diminishes the obstacles associated with operating and reselling mobile proxy infrastructure, demonstrating few restrictions regarding eligibility checks for numerous downstream providers. The multiplicity of rapid IP rotation alongside the use of multi-carrier setups fundamentally undermines any IP-centric controls that law enforcement agencies may employ, thereby complicating large-scale attribution efforts.
In response to the report’s findings, ProxySmart’s technical consultant, Alex Zak, reached out to clarify the platform’s purpose, asserting that ProxySmart is primarily a data-path proxy management layer rather than a SIM farm itself. Zak emphasized that ProxySmart lacked functionalities fundamental to SIM farms, such as SMS origination or interconnect capabilities. He further detailed that the platform was backed by legitimate use cases in sectors like advertising verification, brand protection, cybersecurity research, and fraud detection.
The ongoing discourse surrounding ProxySmart underscores a critical juncture in the intersection of technology and cybercrime, raising pressing questions about how best to address emerging threats in an increasingly digital world.