[ameminator]

I imagine it would be much more likely to have a "backdoor"-ed version of kicad that would phone in with intellectual property rather than PCB spyware. Making a PCB is too much like writing assembly for it to go unnoticed...

[gmueckl]

Exfiltrating KiCAD project files and manually designing a subtly backdoored version is a much more likely attack. An automatically inserted backdoor has a high risk of detection, dragging the entire plot out into the open. Stealthily phoning home is harder to detect and most small operations that would use KiCAD are probably not well equipped to detect such network traffic. The downside is of course that physical access to the product is required to install the backdoored electronics.