The tests were carried out in the Google Chrome browser. The animation shows that when you close the browser with a regular site, CPU usage immediately drops to about zero. But when you close a site with a built-in miner for some reason, CPU usage remains at the same level more than 60% (for masking the miner does not properly load the processor to the maximum).
The trick is that despite the visible closure of the browser window, Google Chrome does not actually close, but remains in memory. The malware opens an invisible pop-up window like pop-under. I have to admit, this is a very literal reception.
The coordinates of the pop-up window are selected to hide exactly behind the clock on the task panel.
In the hours.
People, this is a tarakana.