It just keeps getting better
The operator of at least one website has been spotted using small pop under window hidden under the user's Windows taskbar to continue to operate an in-browser miner even after the user closed the main browser window.
Discovered by Malwarebytes researcher Jerome Segura, the miscreants behind this campaign utilize a tactic known as a pop-under, a trick that allows them to spawn a new window, separate from the main browser.
An adult portal — used the following formula to dynamically calculate the position of this new window.
Horizontal position = (current screen width) – 100px
Vertical position = (current screen height) – 40px
source November 29, 2017
Anonym zu www.bleepingcomputer.com/news/security/cryptojacking-script-continues-to-operate-after-users-close-their-browser/
Random Tube or TGP (thumbnail gallery post) sites that dominate search returns might be best avoided given the current free for all thats currently under way.