False data injection attacks (FDIA) are becoming an active avenue of research as such attacks are more frequently encountered in power systems. Contrary to the detection of these attacks, less attention has been paid to identifying the attacked units of the grid. To this end, this work jointly studies detecting and localizing the stealth FDIA in modern power grids. Exploiting the inherent graph topology of power systems as well as the spatial correlations of smart meters' data, this paper proposes an approach based on the graph neural network (GNN) to identify the presence and location of the FDIA. The proposed approach leverages the auto-regressive moving average (ARMA) type graph convolutional filters which offer better noise robustness and frequency response flexibility compared to the polynomial type graph convolutional filters such as Chebyshev. To the best of our knowledge, this is the first work based on GNN that automatically detects and localizes FDIA in power systems. Extensive simulations and visualizations show that the proposed approach outperforms the available methods in both detection and localization FDIA for different IEEE test systems. Thus, the targeted areas in power grids can be identified and preventive actions can be taken before the attack impacts the grid.