This is actually not the first time I’ve heard of SD cards being hacked - A lot of unusually cheap 32GB+ memory cards and USB sticks on Ebay are actually 2GB to 4GB cards with hacked firmware to give the advertised capacity. It is not until the user stores more than the real capacity that they notice their data has disappeared once they later try reading the files back.
However, if this is about running custom executable code, I’d say the main concern would be if a hacker manages to make a Cryptolocker-like infection for such cards.
Here’s a rough example of how this would work:
You see an unusually cheap 64GB branded card on eBay from a user with high feedback and buy it. You then run H2TestW (or some Fake card testing tool) and it comes with “No problems found”, so then put the card in your camera and head off on vacation.
To your knowledge, everything seems fine, but in the background the Malware is monitoring for any sign of JPG files being written. As soon as it detects one, it then adds a dummy ‘autorun.inf’ file to the root directory that it knows most cameras will ignore. So as you snap pictures and video clips, everything seems fine and you can preview your photos as usual.
Once you return home and insert the SD card in a PC, the first thing Windows does is read any ‘autorun.inf’ file. Once the Malware detects this file being accessed, it does not allow any further read back, but instead presents the user with a text file in the root folder explaining that the SD card has now been locked, that they must follow the payment instructions on blablabla.com to get instructions to get their photos back and that any other means of attempting to read the card’s content will result in the card being securely erased.