It is entirely possible for server-side javascript to cause a compiled piece of software to be executed on a remote machine, via a browser exploit. This assembly code could have very well been used to download a secondary payload from a FBI server, the secondary payload could have been a program written in C, and after it downloaded it then it could have executed it and infected the system with a persistent backdoor. That is very common for hackers to do, javascript exploit to inject assembly code into the target computers memory and execute it, assembly code downloads secondary payload from the internet and executes it. The FBI didn't do that because they didn't need to and might have been restricted by the court from doing so, and instead they just used an assembly program that gathers mac address and hostname and sends it to a server outside of Tor. Yeah it was encoded in Magneto. I would call it malware because it compromised user security. I don't know what your definition of malware is, but if it requires a persistent infection then it could have been delivered by this attack as well, magneto would have just downloaded a secondary more complex compiled program and executed it.