Yes, dust attack.
There has some smart contract reacting to send you a scam token everytime you are doing transaction, the best solution just ignores the token you are don't know or ended to your address. So, even you move the token you will get the scam token because smart contract reacting to your "TX".
I always leave it any token I don't know. If you not approved the token trade on AMM exchange, then should be fine.
Thank you for this reply. I would like to hear from you they can steal my funds (transferring my funds to another wallet without my notice) without private key only by using Dust Attack.