Malicious maybe, malware no. Not leaving your password as a sticky note on your work computer is presumably also taught in those same courses. I wouldn’t call someone typing in that password malware. If IT comes around and tries the password and then forces you to reset it it’s not even classified as malicious.
I suppose it's watering down the term a bit; but the term is derived from "malicious software", and this is software, and I think it's behaving maliciously.