Many websites have been outed for embedding such scripts in order to use the CPU and GPU power of users to mine for cryptocurrencies.
Security company Malwarebytes said in a blog post that the new technique had been spotted in tests that it had carried out using Google's Chrome browser running on Windows.
Researcher Jérôme Segura said he had observed the following:
He said that although the visible browser windows were closed, there was a hidden window that remained open.
"This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock," he added.
Segura said that more technical users would be able to spot the presence of the pop-under window by running Windows Task Manager and terminating any browser processes that were still running.
Graphic: courtesy Malwarebytes