The way they usually work is they give you some string and you sign it to prove you own the address.
Could a malicious air drop make a transaction sending all your BTC to them, and then you sign it, and then they broadcast it to the network?
Or is signing a message different than signing a transaction?
Airdrops are meant to be safe because they entails simple tasks to create awareness about the project in different ways , but nowadays scammers have looked for ways to exploit it so as to scam participants. Any airdrop that asked for your private keys or tell you to sign a certain message by providing you with a link to follow is highly fraudulent. Also, any Airdrop asking you to send a certain amount of ETH or as the case maybe looks questionable too.
i have never seen an airdrop that requires signing a message although i have seen user that ask that before on this forum . i think they need some proof of owner ship and they will be use it on other sites . airdrops dont also ask for your private keys but its the public keys ( your wallet address ) are the ones that they need so that they can send you a reward although some need you to fill on thier site or download another wallet . airdrops are free of charge so they are safe .