Why is prl_naptd in Parallels talking with Russian Advertising Company

Discussion in 'Installation and Configuration' started by CarlC1, Apr 16, 2020.

  1. CarlC1

    CarlC1 Bit Poster

    Messages:
    4
    I have Parallels Desktop 15 for Mac Pro-Edition Version 15.1.3 (47255) and am also running Little Snitch software.

    Doing a regular check of Little Snitch results, process /Applications/Parallels Desktop.app/Contents/MacOS/prl_naptd is talking to adriver.ru (a Russian advertising company).
    Hostname: ssp.adriver.ru
    IP Address: 81.222.128.213
    TCP Port: https (443)
    Protocol: TCP
    Connected: no
    Connects: 2 allowed, 0 denied
    First Activity: 3h 30m ago
    Last Activity: 3h 30m ago

    Why is my Parallels Software talking to a Russian advertising company?
     
  2. oztrev

    oztrev Bit Poster

    Messages:
    94
  3. Roland07

    Roland07 Bit Poster

    Messages:
    18
    Sometimes, this is an indication that your system is infected with malware (trojan/spyware etc.). It talks over https, but that can be for any reason. Your browser could have contacted this website while you were surfing as part of a cross-site scripting attack, or it loaded something in the background. If this site gets contacted more often, it might be an issue. This (part of the) logfile states that it was contacted only once, a few days ago. This would make me say: it was a one-time connection. Keep an eye on it.
     
  4. CarlC1

    CarlC1 Bit Poster

    Messages:
    4
    From what I can tell, /Applications/Parallels Desktop.app/Contents/MacOS/prl_naptd is some kind of gateway file for Parallels... when a browser inside Parallels accesses an external site, it's logged as being accessed by prl_naptd... I am guessing the ssp.adriver.ru is showing up when the internal browser is viewing something like yahoo.com that links to all sorts of advertising sites.
     
  5. oztrev

    oztrev Bit Poster

    Messages:
    94
    prl_naptd is a Network Address Port Translation daemon.
     
  6. Roland07

    Roland07 Bit Poster

    Messages:
    18
    Yup, it is what enables Parallels to use the network if you're not using host-only or shared network.
     
  7. GregorG1

    GregorG1 Bit Poster

    Messages:
    7
    OK, but I have "shared network (recommended)" set and prl_naptd is not only still in use, but is using 69.1% of my CPU, even though I don't even have a browser open in the VM. (Though I do have a mail client (Outlook) on.)
    That can't be right! Anyone from Parallels monitoring these chats?
    Please let us know if this really is malware, or we can afford to kill process hogs like this. I've never noticed it taking this much CPU capacity--what's normal and how to fix? Thanks
     
