Though it requires active participation from the participant, i.e. visiting the "infected" website. Whereas this method requires no actions on part of the server, beyond behaving normally.
Makes me wonder what other sort of things a given server is participating in without realizing it. I don't see how you could use this exact technique(TCP checksums) to mine crypto, for example, but there might be some relatively common web applications out there that could be exploited in a similar way.
It's a shame how so many websites just don't function even with minimal Javascript features turned off, because that's essentially the only way to really defend against this sort of malware.
There's blacklisting which can be used in uBlock, and you can limit the processorusage of threads within a browser with whitelisting. E.g. "Hacker News is requesting excessive usage of your GPU. Would you like to allow this usage?"
I wrote a java applet which would calculate the digits of PI, when it loaded it would fetch the most current result by polling a CGI - and every minute or so that it was running it would upload its progress to that same CGI.
That was back in 1998, or so. When Java Applets were almost useful. I showed a pretty animation, and stole your resources!