PasswordState password manager’s update hijacked to drop malware