![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 74%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
What you’re describing is almost always not a real RAT on your phone, but an email account takeover with a malicious inbox rule or forwarding rule inside your Microsoft Outlook account, attackers commonly create hidden rules that replace, delete, or rewrite incoming emails with ransom text; to fix it, sign in to Outlook on the web (browser) → Settings → Mail → Rules and delete anything suspicious, then check Forwarding, Sweep rules, Blocked/Allowed senders, and Connected apps / Sessions (sign out of all devices), disable POP/IMAP if not needed, remove unknown app passwords, verify your recovery email/phone were not changed, and keep 2FA enabled; on your Samsung/Android phone a true RAT is very unlikely unless you installed unknown APKs, but for safety update the OS, uninstall unknown apps, and if the problem persists after cleaning Outlook rules, back up your phone and perform a factory reset, once those hidden mail rules are removed, the ransom message behavior should stop immediately.