Some scripts are designed to look like they are scanning, but if they ever "find" a key, the code is hard-wired to send that key (or your own existing wallet data) to the attacker’s server.
