1: \begin{abstract}

2:   Recently, researchers have successfully employed Graph Neural Networks (GNNs) to build enhanced recommender systems due to their capability to learn patterns from the interaction between involved entities.

3:   In addition, previous studies have investigated federated learning as the main solution to enable a native privacy-preserving mechanism for the construction of global GNN models without collecting sensitive data into a single computation unit.

4:   Still, privacy issues may arise as the analysis of local model updates produced by the federated clients can return information related to sensitive local data.

5:   For this reason, experts proposed solutions that combine federated learning with Differential Privacy strategies and community-driven approaches, which involve combining data from neighbor clients to make the individual local updates less dependent on local sensitive data.

6:   

7:   In this paper, we identify a crucial security flaw in such a configuration, and we design an attack capable of deceiving state-of-the-art defenses for federated learning.

8:   The proposed attack includes two operating modes, the first one focusing on convergence inhibition (\emph{Adversarial Mode}), and the second one aiming at building a deceptive rating injection on the global federated model (\emph{Backdoor Mode}).  

9:   The experimental results show the effectiveness of our attack in both its modes, returning on average $60\%$ performance detriment in all the tests on Adversarial Mode and fully effective backdoors in $93\%$ of cases for the tests performed on Backdoor Mode.

10: \end{abstract}

11: