Microsoft’s Malware Protection Center has observed a change in the way malware authors deploy malicious code via NSIS installers. Microsoft suspects that all these campaigns are part of a malware distribution network. The distribution process takes different forms but relies on email spam campaigns, which end up with crooks forcibly downloading an NSIS installer on user PCs and waiting for the user to launch the installer. Microsoft says it has seen malware authors rely on spam campaigns that spread malicious macro-laced Office documents and JavaScript downloaders packed inside ZIP files.
Source: https://www.bleepingcomputer.com/news/security/trend-ransomware-hidden-in-nsis-installers-harder-to-detect/