I think so. You ask a server for something and it bundles that thing with other bits crafted to make you do something other than what you originally contacted the server for.
It might exploit a buffer overflow or it might exploit a distractable human, but it's malware just the same.
It might exploit a buffer overflow or it might exploit a distractable human, but it's malware just the same.