Video: Here's everything you need to know about Bitcoin cash
Most of the browser-based miners on sites that use the Monero-mining Coinhive service can be stopped simply by closing the browser, which stops them chewing up your CPU.
However, security firm Malwarebytes has discovered a new case where the page will continue mining even after the browser is closed.
The technique relies on a tiny 'pop-under' window, which is sometimes used to load hidden ads. For extra cover, the window is designed to sit behind the Windows taskbar, making it hard to spot.
"The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock," wrote Malwarebytes researcher Jerome Segura.
In-browser cryptominers have grown in popularity, partly in response to the rise of ad-blockers. Coinhive was proposed as a legitimate alternative to advertising. The Pirate Bay, for example, recently integrated Coinhive in its site for this reason, but annoyed some users by apparently accidentally setting it to use 100 percent of a visitor's CPU. It later dialed it back.
The chief problem is that the sites often use visitors' hardware without permission. So while these miners aren't technically malware, Malwarebytes and other security firms recently began blocking Coinhive sites. And there are now plenty of Coinhive clones.
The web miner Malwarebytes found tries to fly under the radar by limiting CPU usage to around 50 percent. Segura notes the pop-under technique also allows it to bypass adblockers.
Users who believe their PC is being abused for someone else's mining profits have a few options to detect and stop the activity.
Segura notes that users can open Task Manager and kill intensive browser processes being used by the miner. If the taskbar is set to transparent, the pop-under can be seen. Additionally, resizing the task bar will reveal the hidden window.
Segura predicts "drive-by mining" will continue to remain popular for all the wrong reasons.
"Forced mining (no opt-in) is a bad practice, and any tricks like the one detailed in this blog are only going to erode any confidence some might have had in mining as an ad replacement," he wrote.
"Unscrupulous website owners and miscreants alike will no doubt continue to seek ways to deliver drive-by mining, and users will try to fight back by downloading more adblockers, extensions, and other tools to protect themselves. If malvertising wasn't bad enough as is, now it has a new weapon that works on all platforms and browsers."
Previous and related coverage
Expect to see more miners silently chewing up CPU resources through your browser.
Stealthy and persistent cryptocurrency-mining malware is hitting Windows machines.
IT leader's guide to the blockchain [Tech Pro Research]
The blockchain may hold significant opportunities for the enterprise, from financial services to IP protection to job documentation. This ebook looks at what the blockchain is and how it could affect your business.
The cryptocurrency's value has risen nine-fold since the beginning of the year.