CyberSecurity

When Cybercriminals Get Hacked: Inside the PCPJack Campaign That Targets TeamPCP

In the world of cybersecurity, the hunter sometimes becomes the hunted. A recent campaign, dubbed PCPJack, reveals a fascinating twist: hackers are hacking victims that other hackers have already compromised. Instead of targeting ordinary users or corporations, an unknown group is breaking into systems previously breached by the prolific cybercrime group that SentinelOne calls TeamPCP. This approach is not just unusual—it signals a new layer of complexity in digital threats.

According to a detailed report from SentinelOne, the attackers behind PCPJack actively scan the internet for services that TeamPCP has infiltrated. Once inside, they waste no time. They kick out the original intruders, remove their tools, and deploy a self-spreading worm that replicates across cloud infrastructure. The stolen credentials—ranging from database logs to cloud platform keys—are then funneled back to the hackers’ own servers.

What Is the PCPJack Campaign?

The PCPJack campaign, identified by SentinelOne senior researcher Alex Delamotte, is a targeted operation that exploits the aftermath of earlier breaches. Delamotte told TechCrunch that the group’s motives appear purely financial. They steal credentials to resell them, act as initial access brokers—selling entry to compromised systems—or extort victims directly. Interestingly, they avoid cryptocurrency mining, likely because it requires sustained access and offers slower returns.

This campaign focuses heavily on TeamPCP, a group that has made headlines recently for breaching the European Commission’s cloud infrastructure and for attacking Trivy, the widely used vulnerability scanner. Those attacks affected companies such as LiteLLM and the AI recruiting startup Mercor. Now, the tables have turned.

How Do Hackers Hack Victims Hacked by Other Hackers?

The process is methodical. The PCPJack operators scan the internet for exposed services, such as the Docker platform or MongoDB databases, that TeamPCP has already compromised. Once they gain access, they immediately evict the original hackers. SentinelOne’s report notes that the attackers keep a tally of successful evictions, sending this data back to their command infrastructure.

Delamotte outlined three theories about the perpetrators. They could be disgruntled ex-members of TeamPCP, a rival cybercrime group, or a third party who modeled their tools on TeamPCP’s earlier campaigns. “The services targeted by PCPJack strongly resemble the December-January TeamPCP campaigns, before the alleged change in group membership that happened in February-March,” she explained.

Why This Matters for Cloud Security

This campaign underscores a growing trend: cybercriminals are not just competing for victims—they are actively sabotaging each other. For businesses relying on cloud infrastructure, this means the threat landscape is more volatile than ever. Even if your systems are not directly targeted by TeamPCP, they could become collateral damage in a turf war between hacking groups.

SentinelOne’s findings also reveal that PCPJack operates domains designed to phish for password manager credentials, as well as fake help desk websites. This dual approach—technical exploitation and social engineering—makes the campaign particularly dangerous. Companies should review their incident response plans regularly and ensure that exposed services are locked down.

What Can Organizations Do to Protect Themselves?

First, prioritize patching and configuration management. Many of the vulnerabilities exploited by TeamPCP and PCPJack stem from misconfigured cloud services. Second, monitor for unusual activity, such as sudden changes in access logs or unexpected credential exfiltration. Third, educate employees about phishing attempts, especially those mimicking help desks or password managers.
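One concrete check for the first recommendation, added here as an example and not drawn from SentinelOne's report: a Python script that parses the output of `ss -lntp` on a Linux host and flags a Docker API or MongoDB listener bound to a non-loopback address, the kind of exposure the article says both groups go after. The `ss` output below is constructed; the port numbers are the two services' defaults.

```python
"""Flag Docker and MongoDB listeners bound to non-loopback addresses.

Added example (not from SentinelOne's report): parses `ss -lntp` output from a
Linux host and reports the two exposed-service classes the article names,
the Docker API and MongoDB. The sample output is constructed.
"""
import ipaddress
import re

# Constructed sample of `ss -lntp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:27017    0.0.0.0:*     users:(("mongod",pid=811,fd=12))
LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*     users:(("dockerd",pid=640,fd=7))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=501,fd=3))
LISTEN 0      4096   [::]:27017         [::]:*        users:(("mongod",pid=811,fd=13))
"""

# Default ports of the two services: 2375 is the Docker daemon's
# unauthenticated plaintext TCP API, 27017 is MongoDB's default listener.
RISKY_PORTS = {2375: "docker-api-plaintext", 27017: "mongodb"}

_LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def _is_non_loopback(addr):
    """True when the bind address accepts connections from other hosts."""
    addr = addr.strip("[]")
    if addr in ("*", ""):
        return True  # wildcard bind
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # hostname or unknown token: treat as reachable


def exposed_services(ss_output):
    """Return [(service, bind_address, port)] for risky ports reachable off-host."""
    findings = []
    for line in ss_output.splitlines():
        m = _LISTEN_RE.match(line)
        if not m:
            continue  # header or non-listening line
        addr, port = m.group(1), int(m.group(2))
        if port in RISKY_PORTS and _is_non_loopback(addr):
            findings.append((RISKY_PORTS[port], addr, port))
    return findings


if __name__ == "__main__":
    for svc, addr, port in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED {svc}: listening on {addr}:{port}")
```

On a real host, pipe `ss -lntp` into `exposed_services` and treat any finding as a ticket to move the listener behind authentication, TLS, or a loopback/VPN bind.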

As Delamotte noted, the PCPJack hackers are not trying to mine crypto—they want quick cash through credential theft. This makes them unpredictable but also creates opportunities for defenders. By understanding their tactics, organizations can stay one step ahead.

In the end, the story of PCPJack is a stark reminder: in the digital underworld, no one is safe—not even the hackers themselves. As this campaign evolves, cybersecurity teams must remain vigilant, adapting to a landscape where victims and attackers constantly swap roles.

ProxySmart Software: The Belarusian Platform Powering 90+ SIM Farms for Cybercrime

Published

on

ProxySmart Software: The Belarusian Platform Powering 90+ SIM Farms for Cybercrime

Cybersecurity researchers have uncovered a sophisticated software platform called ProxySmart, which is enabling SIM farm operators to conduct cybercrime on an industrial scale. This Belarus-based tool has been linked to at least 87 control panels across 17 countries, according to a new report from Infrawatch.

But what exactly is ProxySmart, and how does it facilitate such widespread criminal activity? Let’s break down the findings.

What Is ProxySmart SIM Farm Software?

ProxySmart is a turnkey software platform designed to manage and monetize physical SIM farms—collections of smartphones or modems used to generate large volumes of mobile IP addresses. The platform offers an end-to-end solution, including device management, automated IP rotation, customer provisioning, and anti-bot countermeasures.

According to Infrawatch, ProxySmart is publicly associated with a Belarus-based vendor and markets itself as a commercial product rather than a niche tool for technical experts. This means that even operators with limited technical skills can set up and run a SIM farm, dramatically lowering the barrier to entry for cybercrime.

How ProxySmart Powers Cybercrime at Scale

SIM farms are a critical enabler for various types of cybercrime, including smishing (SMS phishing), premium-rate number fraud, bot sign-ups, and one-time password interception. They can also be used by nation-states; for example, Russian authorities have employed SIM farms to spread disinformation in Ukraine.

ProxySmart effectively offers “SIM Farm as a Service” (SFaaS), providing a complete ecosystem for operators. The platform supports physical smartphones and USB 4G/5G modems. Smartphones are enrolled via an unsigned Android APK, while modems are managed using the open-source ModemManager tool.

Interestingly, IP rotation for phones works by automatically toggling airplane mode on and off for three seconds, forcing a reconnection to the cellular network and assigning a new egress IP. This rapid rotation makes it extremely difficult for authorities to track or block malicious traffic.

Key Features of the ProxySmart Platform

The platform supports several tunneling and proxy protocols, including OpenVPN, SOCKS5, VLESS, and HTTP proxies. It also includes an OS spoofing feature that allows operators to simulate TCP fingerprints of macOS, iOS, Windows, or Android—further complicating detection efforts.

Infrawatch noted that the backend service is written in Python and heavily obfuscated using PyArmor, making it harder for researchers to analyze. The control panel is typically self-hosted by the farm operator, with a reverse proxy deployed in front to disguise its location.

Global Reach: 90+ SIM Farms Across 17 Countries

Infrawatch identified 87 instances of ProxySmart control panels in 17 countries, along with 94 phone farm locations. These farms are distributed across 19 U.S. states, as well as multiple countries in Europe and South America.

The report concluded that “this ecosystem materially lowers the barrier to operating and reselling mobile proxy infrastructure, with limited evidence of meaningful eligibility checks across many downstream providers.” This means that the combination of carrier-grade NAT, rapid IP rotation, and multi-carrier availability reduces the effectiveness of IP-centric controls and complicates attribution at scale.

For more on SIM farms and their impact, check out this analysis of SIM farm cybercrime risks. Additionally, learn about how mobile proxy threats are evolving.

What This Means for Cybersecurity

The discovery of ProxySmart highlights a growing trend: the commoditization of cybercrime infrastructure. By offering a user-friendly, productized platform, ProxySmart enables a wider range of actors to engage in sophisticated attacks without needing deep technical expertise.

As a result, organizations must adapt their defenses. Traditional IP-based blocking is no longer sufficient when attackers can rotate IPs rapidly and spoof device fingerprints. Instead, security teams should focus on behavioral analysis, multi-factor authentication, and threat intelligence sharing.
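As an added example (not from Infrawatch's report), here is the behavioral check described above in Python: a session whose source IP changes several times within a short window matches the rapid airplane-mode rotation ProxySmart performs, whichever carrier ranges the IPs come from. The access records are constructed, and the 60-second window and three-IP threshold are assumed starting points to tune per application.

```python
"""Flag sessions whose source IP rotates rapidly.

Added example (not from Infrawatch's report): a SIM-farm proxy that toggles
airplane mode gets a new egress IP every few seconds, so one session token
shows up from many distinct IPs inside a short window. Records are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access records: ISO timestamp, session id, client IP
# (RFC 5737 documentation ranges, not real traffic).
SAMPLE_LOG = """\
2025-06-01T10:00:00 sess-a 203.0.113.10
2025-06-01T10:00:04 sess-a 203.0.113.77
2025-06-01T10:00:09 sess-a 198.51.100.5
2025-06-01T10:00:13 sess-a 198.51.100.91
2025-06-01T10:00:18 sess-a 203.0.113.140
2025-06-01T10:00:00 sess-b 192.0.2.20
2025-06-01T10:03:00 sess-b 192.0.2.20
2025-06-01T10:06:00 sess-b 192.0.2.21
"""


def parse_log(text):
    """Group (timestamp, ip) pairs by session id."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, sess, ip = line.split()
        events[sess].append((datetime.fromisoformat(ts), ip))
    return events


def rotating_sessions(events, window=timedelta(seconds=60), min_ips=3):
    """Return {session: peak distinct IPs in any `window`} for sessions at or above min_ips.

    Sliding window: for each record, drop records older than `window` from the
    front, then count distinct IPs in what remains. Fine for per-session volumes;
    switch to a running count map for very chatty sessions.
    """
    flagged = {}
    for sess, recs in events.items():
        recs.sort()
        peak = start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            peak = max(peak, len({ip for _, ip in recs[start:end + 1]}))
        if peak >= min_ips:
            flagged[sess] = peak
    return flagged


if __name__ == "__main__":
    for sess, n in rotating_sessions(parse_log(SAMPLE_LOG)).items():
        print(f"{sess}: {n} distinct source IPs within 60s")
```

A legitimate mobile user who walks between cell sites changes IP occasionally (sess-b), so the threshold, not the IP range, separates ordinary roaming from a proxy cycling its connection every few seconds (sess-a).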

Furthermore, law enforcement agencies need to collaborate internationally to dismantle these networks. Given that ProxySmart is linked to Belarus, international cooperation will be crucial for any takedown efforts.

In conclusion, ProxySmart represents a significant evolution in SIM farm operations, making cybercrime more accessible and harder to stop. Staying informed about such threats is the first step toward building stronger defenses. For more insights, see our guide to emerging cybercrime trends in 2025.

Former Ransomware Negotiator Pleads Guilty to Aiding BlackCat Cyber Gang in Multimillion-Dollar Scheme

In a stunning betrayal of trust, a former ransomware negotiator has pleaded guilty to secretly colluding with the notorious BlackCat cyber gang. Angelo Martino, 41, from Land O’Lakes, Florida, admitted to one count of conspiracy to obstruct commerce by extortion, according to the U.S. Department of Justice. This case highlights a dark underbelly of the cybersecurity industry, where those hired to defend can become the attackers.

The Inside Job: How a Negotiator Turned Traitor

Martino, who worked for the incident response firm DigitalMint, began cooperating with the BlackCat ransomware group in April 2023. As a negotiator for five corporate ransomware victims, he had access to sensitive information—including insurance policy limits and internal negotiation strategies. Instead of protecting his clients, he passed these details to the cybercriminals, allowing them to maximize their extortion demands. The Justice Department confirmed that Martino was paid for this intelligence.

But his betrayal did not stop there. Martino also admitted to conspiring with Ryan Goldberg of Georgia and Kevin Martin of Texas to deploy ransomware against various U.S. victims between April and November 2023. This made him an active affiliate of the BlackCat group, directly participating in attacks rather than just facilitating them.

Multimillion-Dollar Extortion: The Scale of the Scheme

The financial impact of this conspiracy was staggering. Authorities have already seized $10 million in assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Court documents reveal that an unnamed hospitality firm paid a ransom of $16.5 million, a financial services firm paid $25.7 million, and a non-profit organization paid $26.8 million. Other victims spanned retailers, manufacturers, medical companies, engineering firms, and pharmaceutical companies.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division condemned the betrayal: “Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims. Instead, he betrayed them and began launching ransomware attacks himself by assisting cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.”

BlackCat Ransomware Group: A Persistent Threat

The BlackCat group, also known as ALPHV, has been one of the most prolific ransomware operations in recent years. The FBI estimated that the group made as much as $300 million from hundreds of victims up to late 2023. In one notorious incident, an affiliate threatened to report a victim to the U.S. Securities and Exchange Commission (SEC) to pressure payment—a tactic that underscores the group’s ruthlessness.

However, law enforcement struck back in December 2023, seizing the group’s leak site and releasing a decryptor for the ransomware. Experts believe this action may have saved victims tens of millions of dollars in ransom payments. Despite this, the case of Martino shows how deeply the tentacles of such groups can reach into the cybersecurity industry.

Legal Consequences and Lessons for the Industry

Martino will be sentenced on July 9 and faces a maximum penalty of 20 years in federal prison. This case serves as a stark warning to other cybersecurity professionals who might consider crossing ethical lines. It also raises critical questions about vetting processes and oversight within incident response firms.

For businesses, this incident underscores the importance of choosing trusted cybersecurity partners and implementing strict monitoring protocols. As ransomware attacks continue to evolve, the line between defender and attacker can blur—making vigilance more crucial than ever. To learn more about protecting your organization, explore our guide on cybersecurity best practices and tips for building a ransomware response plan.

In conclusion, the case of a ransomware negotiator pleading guilty to aiding the BlackCat cyber gang is a cautionary tale. It reminds us that trust must be earned and verified, especially in the high-stakes world of cyber extortion. As the sentencing date approaches, the cybersecurity community will be watching closely—hoping that justice serves as a deterrent for future betrayals.

Kids Are Using Fake Mustaches to Bypass Age-Verification Systems—Here’s How

It turns out that some age-verification systems are no match for a little creativity. According to a recent report from the U.K.-based nonprofit Internet Matters, children are drawing on fake mustaches with makeup pencils to slip past the digital gates of adult websites. This eyebrow-raising tactic is just one of several methods kids are using to defeat online age checks.

The report surveyed 1,000 children about their experiences with age-verification checks. Approximately half of the respondents said that these checks were easy to bypass. “Children demonstrated a clear awareness of how to bypass age checks, either through their own experiences or by hearing about methods from others,” the report states. It adds that “one technique brought up was children drawing facial hair on themselves so that the tools verifying them would think they were older, which was reported as working in multiple instances.”

How the Fake Mustache Trick Works

Age-verification systems often rely on facial recognition or real-time camera checks to estimate a user’s age. However, children have discovered that adding a simple accessory—like a drawn-on mustache—can fool these tools into thinking they are adults. This method exploits the algorithms’ reliance on visual cues associated with maturity, such as facial hair.

Building on this, other kids have found alternative bypasses. Some point their webcams at adult-looking characters in video games, while others simply pull obscure or funny faces. These workarounds highlight the fragility of current age-gating technology.

The Global Push for Age-Verification Laws

Age-verification laws are spreading rapidly worldwide, often promoted under the banner of online child safety. In the United States, half of all states have enacted some form of age-checking legislation. The United Kingdom has also implemented such laws, spurring a global trend. These regulations typically require adults to prove their age—usually by uploading a government-issued ID to a third-party service—before accessing adult content.

Critics, however, argue that these laws create databases vulnerable to hacking and leaks. They also warn that such measures threaten the open and decentralized nature of the internet. Companies like Apple have rolled out software updates to comply with these laws, while platforms like Reddit and Meta use a mix of ID uploads and algorithmic age estimation. Others, such as Discord, have delayed their rollouts due to user backlash and security concerns.

Why Current Age-Check Systems Are Failing

The fake mustache trick is not an isolated incident. As age-verification checks become more common, children are proving remarkably adept at finding loopholes. This suggests that many systems are not robust enough to handle determined users. The reliance on superficial visual cues makes them easy to manipulate.

Furthermore, the report indicates that kids share bypass methods among themselves, creating a cycle of circumvention. This raises questions about the effectiveness of these laws in achieving their stated goal of protecting minors. For more insights on online safety, check out our guide on keeping kids safe online.

What This Means for Parents and Policymakers

For parents, the takeaway is clear: age-verification systems are not foolproof. It is essential to have open conversations with children about online safety and the risks of adult content. For policymakers, the findings underscore the need for more sophisticated, privacy-preserving solutions. Relying on superficial checks like facial hair detection is not enough.

In addition, tech companies must invest in stronger verification methods that balance security with user privacy. As the landscape evolves, stay informed about the latest developments in digital age verification. Ultimately, the fake mustache trick serves as a wake-up call: current systems are failing, and a smarter approach is needed.
