Thanks to you both for taking the time to reply. I have done malware scans on my devices which have detected nothing, and I have seen no evidence of unauthorized activity on any of my devices. My Activity Monitor is not showing anything unusual on my CPU. Other than the breach of my Evernote account (which was due to my own negligence in reusing a password), I have seen no other incidents.
There have been no unauthorized devices on my Evernote account since changing my password. I am inclined to think Dave-in-Decatur is right, that the reappearing webclipper app is somehow resulting from my own activity. However, I have been unable to locate where it is coming from. There are no Evernote extensions installed on any of my browsers, including on my phone. I never looked at the Applications section of Evernote before the breach, so I can’t 100% determine if this activity is new since the breach.
I have decided to quit using Evernote anyway, since I’m using the free version and somehow it locks me out on all of my devices if I revoke too many devices in a month (eg when I got a new phone & kept revoking the wrong one since both phones appeared with the same name, or when I mistakenly sign in online to check my security instead of using the link on the app). Highly inconvenient & gives me a heart attack every time I get locked out of my own notes.
If PinkElephant is right and the webclipper app is reappearing because the hacker has access to my computer and can detect my Evernote password changes, then they must have somehow been able to breach my computer through Evernote (maybe by installing code secretly into my notes, which I then copied to TextEdit which somehow allowed them to install something on my Mac without triggering any warnings?) and are running programs that are undetectable by my malware scanning software and don’t show up on my CPU activity report. I suppose that’s possible. I hope not.
Thanks again to the two of you for putting your brains to my problem. All best to you.