Scalper bots, or sneaker bots, have been chewing up supplies of the Sony PS5 and Xbox consoles amid a shortage of both units, leaving indvidual buyers in a lurch. In a report published Thursday, bot fighter PerimeterX described the damage that automated bots are causing to consumers and retailers alike. These programs have been dubbed sneaker bots because they typically scoop up pairs of hot, in-demand sneakers and then resell them at exorbitant markups.
SEE: Hiring Kit: Game Developer (TechRepublic Premium)
Since the 2020 holiday season, the bots have been pulling the same stunt with in-demand gaming consoles, specifically the new PS5 and Xbox Series X. As this specific tactic surfaced around Christmas, these programs earned the moniker Grinch Bots.
The transition from sneakers to consoles is a sign that the human scalpers behind these bots are looking for bigger bucks, PerimeterX said in its report. For instance, a PS5 had been selling on eBay, Amazon, and other major retail sites for between $400 and $500. Since then, prices for the PS5 have skyrocketed to as high as $1,800, which means that scalpers who were able to snag dozens of them stand to make a healthy profit.
These bots work by continually scanning the websites of retailers so they can swoop in right at the beginning of a sale ahead of individual buyers. They then serve the scalper all the relevant information, including the retailer’s website, price, available stock and SKU number. If directed, the programs will automatically pick up the item and bypass the usual shopping cart flow by heading to the checkout page.
Using different tricks, the bots are able to fool retail sites into thinking that they’re legitimate customers. By obtaining a valid cookie, they scrape the website’s inventory to impersonate a human being. The bots are even loaded with CAPTCHA-solving solutions that solve these kinds of Turing tests, which are designed to block such automated tools.
Because of their skill and intelligence, some of the bots can cost as much as $700 per license, according to PerimeterX. Some of the bot tools available include Hawk AIO, Zephyr AIO, Snatch and Thunder Solts. And they’re still active, according to Yossi Barkshtein, threat intelligence researcher at PerimeterX. The scalpers behind them will periodically test their tactics in anticipation of new inventory becoming available, which occurs a few times per month with certain items.
A lot of gamers in search of PS5 and Xbox Series X consoles were none too happy with the activities of these bots, according to PerimeterX. The anger is especially intense given that the human scalpers behind them get away without any punishment. The problem was brought to the attention of politicians in the U.K., who suggested prohibiting the resale of PS5 and Xbox. But for now, such bots are allowed to conduct their sneaky and profitable campaigns with little legal pushback.
“While bot-based purchases for reselling may not be fair or ethical, it is legal with one exception,” Barkshtein said. “The resale of tickets purchased using bot technology was made illegal in 2016. Similar bills continue to appear on the legislative docket as well, such as the Stop Grinch Bots Act in 2019. Though legislation can be effective in combating bots and protecting online inventory, most online retailers choose to rely on bot mitigation software that proactively monitors and blocks sophisticated bots.”
With its anti-bot technology, PerimeterX said it has worked with retailers who have been targeted by these sneaker bot attacks, prompting the company to track the latest developments and try to block these malicious activities. But PerimeterX added that it expects to see bots targeting more and more items in the future.