the best thing to do is to either ignore or blacklist those tokens. since one wallet address has been gotten, they will keep sending those tokens. scammers can hack one wallet when one trades with them, or click on links attached to these tokens. research and make findings of these tokens, one should not be carried away by the expectation of what they offer, and end up losing one's coin in his/her wallet.
I'm not sure that it can hack the wallet if we do trading and transfer activities from shittoken, I haven't found any facts from that incident but we have to ignore all activities from shittoken because it won't be profitable.
Regardless of whether there have been cases of wallet hacking from the wallet or not, then of course we have to be aware that vulnerable cases can occur without realizing it, so the right advice should be to ignore foreign tokens that are received without buying, bounty and airdrop activities.