Few days ago Kaspersky Lab have discovered that on Mikrotik routers somebody has included in Winbox malicious components.
The code spies on PCs through a multi-layer attack that targets MikroTik routers.
It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.
https://www.engadget.com/2018/03/11/sop ... h-routers/
https://www.dobreprogramy.pl/Popularne- ... 86736.html
Please let me know oficially how to check this on my Mikrotik routers and hardware.