Από τον normis στο επίσημο φόρουμ της ΜΤ:
Many of you have asked, what is this Mēris botnet that some news outlets are discussing right now, and if there is any new vulnerability in RouterOS.

As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched.

Unfortunately, closing the vulnerability does not immediately protect these routers. If somebody got your password in 2018, just an upgrade will not help. You must also change password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create.

We have tried to reach all users of RouterOS about this, but many of them have never been in contact with MikroTik and are not actively monitoring their devices. We are working on other solutions too.

As far as we know right now - There are no new vulnerabilities in these devices. RouterOS has been recently independently audited by several contractors.

If you do see a RouterOS device that has malicious scripts or SOCKS configuration that was not created by you, especially if this configuration APPEARED NOW, RECENTLY, WHILE RUNNING A NEW ROUTEROS RELEASE: Please contact us immediately.
More specifically, we suggest to disable SOCKS and look in the System -> Scheduler menu. Disable all rules you can't identify. By default, there should be no Scheduler rules, and SOCKS should be off.
https://forum.mikrotik.com/viewtopic.php?f=21&t=178417
ΠΡΟΣΟΧΗ!!!